Lucene search
Ping IdentityVULNRICHMENT:CVE-2024-21832HistoryJul 09, 2024 - 11:04 p.m.
CVE-2024-21832 PingFederate REST API Data Store Injection
2024-07-0923:04:55
CWE-94
Ping Identity
github.com
10
cve-2024-21832
pingfederate
rest api
data store
injection
json
attack vector
post method
CVSS3
3.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
AI Score
7.2
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.
CNA Affected
[
{
"vendor": "Ping Identity",
"product": "PingFederate",
"versions": [
{
"status": "affected",
"version": "11.0.0",
"versionType": "custom",
"lessThanOrEqual": "11.0.9"
},
{
"status": "affected",
"version": "11.1.0",
"versionType": "custom",
"lessThanOrEqual": "11.1.9"
},
{
"status": "affected",
"version": "11.2.0",
"versionType": "custom",
"lessThanOrEqual": "11.2.8"
},
{
"status": "affected",
"version": "11.3.0",
"versionType": "custom",
"lessThanOrEqual": "11.3.4"
},
{
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
],
"collectionURL": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
CVE-2024-21832 PingFederate REST API Data Store Injection
2024-07-09 23:04:55
cve
cve
CVE-2024-21832
2024-07-09 23:15:10
nvd
nvd
CVE-2024-21832
2024-07-09 23:15:10
CVSS3
3.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
AI Score
7.2
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-21832