Menu
Contact

Published Product Vulnerabilities

LAST UPDATED: OCT 02, 2024

CVEID
CVE-2024-7211

PRODUCT
1E Platform

VERSION
– 24.7
– 23.11.1.15
– 23.7.1.80
– 8.4.1.229

PROBLEM TYPE
URL Redirection to Untrusted Site (‘Open Redirect’)

REFERENCES
– https://www.1e.com/trust-security-compliance/cve-info/
– NVD – CVE-2024-7211 (nist.gov)
– CVE – CVE-2024-7211 (mitre.org)
– CVE Record | CVE-2024-7211 (cve.org)
– Security Patch for IdentityServer (CVE-2024-39694) | Duende Software Blog

DESCRIPTION
The 1E Platform’s component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.

Note: 1E Platform’s component using the third-party Duende Identity Server has been updated with the patch that includes the fix.

DATE
31-07-2024

ASSIGNING CNA
1E

CVEID
CVE-2024-7211

PRODUCT
1E Platform

VERSION
– 24.7
– 23.11.1.15
– 23.7.1.80
– 8.4.1.229

PROBLEM TYPE
URL Redirection to Untrusted Site (‘Open Redirect’)

REFERENCES
– https://www.1e.com/trust-security-compliance/cve-info/
– NVD – CVE-2024-7211 (nist.gov)
– CVE – CVE-2024-7211 (mitre.org)
– CVE Record | CVE-2024-7211 (cve.org)
– Security Patch for IdentityServer (CVE-2024-39694) | Duende Software Blog

DESCRIPTION
The 1E Platform’s component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.

Note: 1E Platform’s component using the third-party Duende Identity Server has been updated with the patch that includes the fix.

DATE
31-07-2024

ASSIGNING CNA
1E

CVEID
CVE-2024-7211

PRODUCT
1E Platform

VERSION
– 24.7
– 23.11.1.15
– 23.7.1.80
– 8.4.1.229

PROBLEM TYPE
URL Redirection to Untrusted Site (‘Open Redirect’)

REFERENCES
– https://www.1e.com/trust-security-compliance/cve-info/
– NVD – CVE-2024-7211 (nist.gov)
– CVE – CVE-2024-7211 (mitre.org)
– CVE Record | CVE-2024-7211 (cve.org)
– Security Patch for IdentityServer (CVE-2024-39694) | Duende Software Blog

DESCRIPTION
The 1E Platform’s component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users.

Note: 1E Platform’s component using the third-party Duende Identity Server has been updated with the patch that includes the fix.

DATE
31-07-2024

ASSIGNING CNA
1E

© 2024 CTOne inc. All rights reserved

privacy policy

O'Prueba

O'Prueba specializes in Edge AI Service Gateway solutions. In collaboration with CTOne, its security features can be seamlessly deployed to numerous edge IoT endpoints with a single click via the O'Prueba OOS platform. This integration enables businesses to accelerate deployment, enhance data protection, and drive innovation toward digital transformation.

Website

Clarity

Together with Claroty, we enhance enterprise operational & cyber resiliency for critical infrastructure and secure Cyber-Physical Systems in traditional and hybrid private cellular (5G/LTE) environments.

Website
|
Case Study

Netcube Inc.

Netcube is a leader in mobility management solutions for enterprise networking, renowned for its acclaimed authentication and IP automation technologies. Netcube also specializes in implementing 5G connectivity across various industry applications. As an official sales channel partner of CTOne in Korea, we collaborate to offer private 5G enabler solutions with comprehensive security measures. These solutions leverage network slicing-based security controls and ensure industry-specific guaranteed mobility networking.

Website

SpectrEdge

As a professional 5G telecommunication networking solution vendor,  SpectrEdge and CTOne combined solution delivers rapidly deployable 5G Networking with Industry-Leading Security designed for financial, defense, and public safety markets.

Website

Neutroon

Neutroon and CTOne revolutionize wireless management and cybersecurity, offering 'API First' network control, security, and edge orchestration. Neutroon's unified management spans radio, core, devices, and applications, while CTOne enhances end-to-end security. This collaboration empowers CSPs and enterprises with a scalable, intelligent platform for 5G/LTE.

Website

Pegatron

With a strong focus on operational security, the combination of Pegatron`s end-to-end private 5G offerings and CTOne`s cybersecurity solution enables a more effective approach to enabling smart factories. By addressing critical operational and cybersecurity needs, the joint solution enables modern enterprises to realize the true value of next-generation wireless deployment in their smart factories.

Website

Nexcom

As a certified hardware platform partner, NEXCOM’s hardware appliances have been tested and certified as compatible with CTOne's virtualized private 5G security solution. As a certified solution, global organizations are able to confidently harness the power of CTOne’s leading cybersecurity capabilities in combination with NEXCOM's extensive capabilities in Edge AI, Fixed Wireless Access (FWA), private 5G, and secure IoT connectivity.

Website
|
Case Study

Saviah

The joint Saviah-CTOne solution leverages Saviah's cost-effective, high-performance, reliable, and interoperable industrial-grade 5GC service and CTOne's proven end-to-end security. The result: a more secure and easier to manage private mobile network environment for enterprises with the ability to leverage the major features and versatility of 5G.

Website
|
Blog

Inventec

Securing OT environments connected to CT networks, the integration of Inventec's Smart Factory DX solution with CTOne extends our security capabilities beyond CT into OT. With our joint solution, we offer enterprises an end-to-end service encompassing IT, OT, and CT, complete with a holistic cybersecurity strategy to support enterprises during digital transformation.

Website
|
Case Study

Ataya

The integration of Ataya’s Harmony solution with CTOne provides enterprises with comprehensive connectivity and security visibility across 5G, Wi-Fi, and wired networks. With this joint solution for hybrid networks, enterprises gain full security visibility into Ataya’s Universal Connectivity Platform while supporting a zero-trust strategy and reducing the effort and cost associated with security management.

Website
|
Blog

This website uses cookies for website functionality, traffic analytics, personalization, social media functionality and advertising. Our Cookie Notice provides more information and explains how to amend your cookie settings. Learn more

Accept & Close