Published Product Vulnerabilities
LAST UPDATED: OCT 02, 2024
CVEID
CVE-2024-7211
PRODUCT
1E Platform
VERSION
– 24.7
– 23.11.1.15
– 23.7.1.80
– 8.4.1.229
PROBLEM TYPE
URL Redirection to Untrusted Site (‘Open Redirect’)
REFERENCES
– https://www.1e.com/trust-security-compliance/cve-info/
– NVD – CVE-2024-7211 (nist.gov)
– CVE – CVE-2024-7211 (mitre.org)
– CVE Record | CVE-2024-7211 (cve.org)
– Security Patch for IdentityServer (CVE-2024-39694) | Duende Software Blog
DESCRIPTION
A 1E Platform component used the third-party Duende Identity Server, which suffered from an open redirect vulnerability that permitted an attacker to control the redirection path of end users.
Note: The 1E Platform component that uses the third-party Duende Identity Server has been updated with the patch that includes the fix.
DATE
31-07-2024
ASSIGNING CNA
1E