Lucene search

Ping IdentityCVE-2024-22477

HistoryJul 09, 2024 - 11:15 p.m.

CVE-2024-22477

2024-07-0923:15:10

CWE-79

Ping Identity

web.nvd.nist.gov

cross-site scripting

oidc

policy management

admin console

vulnerability

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

3.6

Confidence

High

EPSS

Percentile

9.2%

JSON

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.

Affected configurations

Nvd

Node

pingidentitypingfederateRange10.3.0–10.3.13

pingidentitypingfederateRange11.0.0–11.0.9

pingidentitypingfederateRange11.1.0–11.1.9

pingidentitypingfederateRange11.2.0–11.2.8

pingidentitypingfederateRange11.3.0–11.3.4

pingidentitypingfederateMatch12.0.0

VendorProductVersionCPE
pingidentitypingfederate*cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*
pingidentitypingfederate12.0.0cpe:2.3:a:pingidentity:pingfederate:12.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pingidentity	pingfederate	*	cpe:2.3:a:pingidentity:pingfederate::::::::
pingidentity	pingfederate	12.0.0	cpe:2.3:a:pingidentity:pingfederate:12.0.0:::::::*

CNA Affected

[
  {
    "collectionURL": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
    "defaultStatus": "unaffected",
    "product": "PingFederate",
    "vendor": "Ping Identity",
    "versions": [
      {
        "lessThanOrEqual": "11.0.9",
        "status": "affected",
        "version": "11.0.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "11.1.9",
        "status": "affected",
        "version": "11.1.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "11.2.8",
        "status": "affected",
        "version": "11.2.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "11.3.4",
        "status": "affected",
        "version": "11.3.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "12.0.0",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "10.3.13",
        "status": "affected",
        "version": "10.3.0",
        "versionType": "custom"
      }
    ]
  }
]

References

docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083