Lucene search

[email protected]NVD:CVE-2024-22477

HistoryJul 09, 2024 - 11:15 p.m.

CVE-2024-22477

2024-07-0923:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

oidc

policy management

admin console users

CVSS3

4.3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

9.2%

JSON

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.

Affected configurations

Nvd

Node

pingidentitypingfederateRange10.3.0–10.3.13

pingidentitypingfederateRange11.0.0–11.0.9

pingidentitypingfederateRange11.1.0–11.1.9

pingidentitypingfederateRange11.2.0–11.2.8

pingidentitypingfederateRange11.3.0–11.3.4

pingidentitypingfederateMatch12.0.0

VendorProductVersionCPE
pingidentitypingfederate*cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*
pingidentitypingfederate12.0.0cpe:2.3:a:pingidentity:pingfederate:12.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pingidentity	pingfederate	*	cpe:2.3:a:pingidentity:pingfederate::::::::
pingidentity	pingfederate	12.0.0	cpe:2.3:a:pingidentity:pingfederate:12.0.0:::::::*

References

docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083