CVE-2010-2337

Published: Jul 28, 2010Modified: Apr 29, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors.

Affected (2)

Products: Rsa: Federated Identity Manager

Rsa

1 product

Federated Identity Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Rsa Federated Identity Manager	Version 4.0
Rsa Federated Identity Manager	Version 4.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://archives.neohapsis.com/archives/bugtraq/2010-07/0187.html

Source: security_alert@emc.com

http://osvdb.org/66504

Source: security_alert@emc.com

http://secunia.com/advisories/40704

Source: security_alert@emc.com

Vendor Advisory

http://www.securityfocus.com/bid/41850

Source: security_alert@emc.com

http://www.securitytracker.com/id?1024239

Source: security_alert@emc.com

http://www.vupen.com/english/advisories/2010/1880

Source: security_alert@emc.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/60564

Source: security_alert@emc.com

https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8692

Source: security_alert@emc.com

http://archives.neohapsis.com/archives/bugtraq/2010-07/0187.html