CVE-2024-21832
PingFederate REST API Data Store Injection
CVSS v3.1
3.5 (Low)
EPSS
0.04 % (11th)
A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.
- Base Severity
- Low
- Base Score
-
- Impact Score
-
- Exploitability Score
-
Metrics
Attack Vector (AV) | Network |
---|---|
Attack Complexity (AC) | High |
Privileges Required (PR) | Low |
User Interaction (UI) | None |
Scope (S) | Changed |
Confidentiality (C) | None |
Integrity (I) | Low |
Availability (A) | None |
# ID | Name |
---|---|
CWE-94 | Improper Control of Generation of Code ('Code Injection') |
References
Source | URL | Tags |
---|---|---|
Ping Identity Corporation | https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083 | |
CVE | https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083 |
Awaiting Analysis
- CVE Status
- PUBLISHED
- NVD Status
- Awaiting Analysis
- CNA
- Ping Identity Corporation
- Published Date
-
2024-07-09 23:15:10
(6 months ago) - Updated Date
-
2024-11-21 08:55:05
(2 months ago)
View CVE-2024-21832 on ...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...