CVE-2024-21832

PingFederate REST API Data Store Injection

CVSS v3.1 3.5 (Low)
EPSS 0.04 % (11th)

A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.

Base Severity: Low
Base Score: 3.5
Impact Score: 1.4
Exploitability Score: 1.8

Metrics
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Changed
Confidentiality (C): None
Integrity (I): Low
Availability (A): None

Weaknesses

ID | Name
CWE-94 | Improper Control of Generation of Code ('Code Injection')

OWASP

ID | Name
A03:2021 | Injection

CAPEC - Common Attack Pattern Enumeration and Classification

ID | Name | Weakness
CAPEC-35 | Leverage Executable Code in Non-Executable Files | CWE-94
CAPEC-77 | Manipulating User-Controlled Variables | CWE-94
CAPEC-242 | Code Injection | CWE-94
CVE Status: PUBLISHED
NVD Status: Awaiting Analysis
CNA: Ping Identity Corporation
Published Date: 2024-07-09 23:15:10 (6 months ago)
Updated Date: 2024-11-21 08:55:05 (2 months ago)