CVE-2024-7211

MEDIUM

1E Platform - Open Redirect via Duende Identity Server

Title source: llm

Description

The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix.

References (1)

Core 1

Core References

Various Sources

https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2024-2001/

Scores

CVSS v3 4.7

EPSS 0.0023

EPSS Percentile 13.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (4)

1e/platform 8.4.1.229

1e/platform 23.7.1.80

1e/platform 23.11.1.15

1e/platform 24.7

Published Aug 01, 2024

Tracked Since Feb 18, 2026