nvd-json-data-feeds/CVE-2010/CVE-2010-23xx/CVE-2010-2337.json

{
  "id": "CVE-2010-2337",
  "sourceIdentifier": "security_alert@emc.com",
  "published": "2010-07-28T12:48:52.543",
  "lastModified": "2017-08-17T01:32:41.820",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in RSA Federated Identity Manager 4.0 before 4.0.25 and 4.1 before 4.1.26 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redirecci\u00f3n involuntaria en RSA Federated Identity Manager v4.0 anterior a v4.0.25 y v4.1 anterior a v4.1.26 permite a atacantes remotos redireccionar a los usuarios a sitios Web de su elecci\u00f3n y llevar a cabo ataques de phishing mediante vectores desconocidos."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:rsa:federated_identity_manager:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADC82DF4-53B5-4308-A68F-C2877960DEA0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:rsa:federated_identity_manager:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEF60540-D484-43AB-B0CA-728B1FCB7E13"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://archives.neohapsis.com/archives/bugtraq/2010-07/0187.html",
      "source": "security_alert@emc.com"
    },
    {
      "url": "http://www.securityfocus.com/bid/41850",
      "source": "security_alert@emc.com"
    },
    {
      "url": "http://www.securitytracker.com/id?1024239",
      "source": "security_alert@emc.com"
    },
    {
      "url": "http://www.vupen.com/english/advisories/2010/1880",
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60564",
      "source": "security_alert@emc.com"
    },
    {
      "url": "https://knowledge.rsasecurity.com/scolcms/set.aspx?id=8692",
      "source": "security_alert@emc.com"
    }
  ]
}