CVE-2010-2732 - Vulnerability Details - OpenCVE

Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Forefront Unified Access Gateway

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:::::::*
	cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:update1::::::
	cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:update2::::::

No data.

References

Link	Providers
https://www.spirityenterprise.com/cyber-awareness
https://www.spirityenterprise.com/virtual-ciso
https://www.spirityenterprise.com/managed-detection-response-microsoft
http://www.us-cert.gov/cas/techalerts/TA10-313A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12257

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2010-11-10T01:00:00.000Z

Updated: 2024-08-07T02:46:47.238Z

Reserved: 2010-07-14T00:00:00.000Z

Link: CVE-2010-2732

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-11-10T03:00:01.943

Modified: 2026-04-29T01:13:23.040

Link: CVE-2010-2732

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-11-09T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka \"UAG Redirection Spoofing Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "MS10-089", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089"}, {"name": "oval:org.mitre.oval:def:12257", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12257"}, {"name": "TA10-313A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2010-2732", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka \"UAG Redirection Spoofing Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS10-089", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089"}, {"name": "oval:org.mitre.oval:def:12257", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12257"}, {"name": "TA10-313A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:46:47.238Z"}, "title": "CVE Program Container", "references": [{"name": "MS10-089", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089"}, {"name": "oval:org.mitre.oval:def:12257", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12257"}, {"name": "TA10-313A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2010-2732", "datePublished": "2010-11-10T01:00:00.000Z", "dateReserved": "2010-07-14T00:00:00.000Z", "dateUpdated": "2024-08-07T02:46:47.238Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:*:*:*:*:*:*:*", "matchCriteriaId": "C17E843B-C2FE-433B-B37A-615494AAB211", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:update1:*:*:*:*:*:*", "matchCriteriaId": "8D9218D0-D3C5-400A-A8C4-C25160B746B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:forefront_unified_access_gateway:2010:update2:*:*:*:*:*:*", "matchCriteriaId": "C8B9D477-AC0F-4271-ACEF-325C31E8BE40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka \"UAG Redirection Spoofing Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en el interfaz web de Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2, permite a atacantes remotos redirigir a usuarios a paginas web de su elecci\u00f3n y llevar a cabo ataques de suplantaci\u00f3n de identidad (phishing) a trav\u00e9s de vectores sin especificar, tambi\u00e9n conocido como \"UAG Redirection Spoofing Vulnerability.\""}], "id": "CVE-2010-2732", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-11-10T03:00:01.943", "references": [{"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12257"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA10-313A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12257"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}