CVE-2024-7211

MEDIUM EPSS 13.3%

Published Aug 1, 20241y ago · Modified Jun 17, 20261w ago

6.1 CVSS 3.1

Medium

Published Aug 1, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.

CVSS Details

Base Score

6.1

Exploitability

2.8

Impact

2.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Changed

Confidentiality Low

Integrity Low

Availability None

Threat Intelligence

EPSS Exploit Probability

13.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-601

Affected Products 4

Vendor	Product	Version	Range
1e	platform	8.4.1.229	any
1e	platform	23.7.1.80	any
1e	platform	23.11.1.15	any
1e	platform	24.7	any

References 1

teamviewer.com https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2024-2001/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.