Lucene search
Ping IdentityCVELIST:CVE-2024-22477HistoryJul 09, 2024 - 11:01 p.m.
CVE-2024-22477 PingFederate OIDC Policy Management Editor Cross-Site Scripting
2024-07-0923:01:28
CWE-79
Ping Identity
www.cve.org
4
cve-2024-22477
pingfederate
oidc
policy management
cross-site scripting
admin console
vulnerability
CVSS3
1.8
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
EPSS
0
Percentile
9.2%
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.
CNA Affected
[
{
"collectionURL": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
"defaultStatus": "unaffected",
"product": "PingFederate",
"vendor": "Ping Identity",
"versions": [
{
"lessThanOrEqual": "11.0.9",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.1.9",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.2.8",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "11.3.4",
"status": "affected",
"version": "11.3.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "10.3.13",
"status": "affected",
"version": "10.3.0",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
cve
cve
CVE-2024-22477
2024-07-09 23:15:10
nvd
nvd
CVE-2024-22477
2024-07-09 23:15:10
CVSS3
1.8
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N
EPSS
0
Percentile
9.2%
Related for CVELIST:CVE-2024-22477