CVE-2024-22243 - Is Identity Manager vulnerable to URL Redirection to Untrusted Site ('Open Redirect')

Article ID: 379924

Updated On:

Products

CA Identity Suite, CA Identity Manager

Issue/Introduction

As per CVE: 

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

Environment

Identity Manager 14.5 SP1 and below

Resolution

Identity Manager is not vulnerable to this CVE because it does not use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter).
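
The pattern the CVE text describes (parse an externally supplied URL, check its host, then use the URL) is only safe when the value that was checked is the value that is then used. The sketch below is an added example for reviewing custom code, not Identity Manager or Spring code: the class name, allow-list hosts and sample URLs are constructed, and it parses with `java.net.URI` rather than `UriComponentsBuilder`.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public class RedirectTargetValidator {
    // Constructed allow-list for illustration only.
    private static final Set<String> ALLOWED_HOSTS =
            Set.of("idm.example.com", "portal.example.com");

    /** Returns the parsed URI to redirect to, or empty if the target is rejected. */
    static Optional<URI> validate(String external) {
        if (external == null) return Optional.empty();
        final URI uri;
        try {
            // Strict parse: backslashes, spaces and control characters raise an
            // error instead of being silently reinterpreted.
            uri = new URI(external).parseServerAuthority().normalize();
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        String host = uri.getHost();
        boolean ok = "https".equalsIgnoreCase(uri.getScheme())  // absolute https only
                && host != null                                  // rejects relative and opaque forms
                && uri.getRawUserInfo() == null                  // no user:password@ prefix
                && (uri.getPort() == -1 || uri.getPort() == 443)
                && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        return ok ? Optional.of(uri) : Optional.empty();
    }

    public static void main(String[] args) {
        String[] samples = {                                     // constructed inputs
            "https://idm.example.com/iam/im/home",
            "https://IDM.example.com:443/a/../b",
            "http://idm.example.com/",
            "https://idm.example.com@other.example.net/",
            "https://other.example.net/",
            "//idm.example.com/",
            "/relative/path"
        };
        for (String s : samples) {
            // Redirect to the parsed value that was checked, never to the raw string.
            String target = validate(s).map(URI::toASCIIString).orElse("REJECTED");
            System.out.println(s + " -> " + target);
        }
    }
}
```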