CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-23983 – Access rules for PingAccess may be circumvented with URL-encoded characters
https://notcve.org/view.php?id=CVE-2024-23983
Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules. • https://docs.pingidentity.com/pingaccess/latest/release_notes/pa_811_rn.html https://www.pingidentity.com/en/resources/downloads/pingaccess.html • CWE-20: Improper Input Validation CWE-177: Improper Handling of URL Encoding (Hex Encoding) •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-25566 – Open Redirect in PingAM
https://notcve.org/view.php?id=CVE-2024-25566
An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks • https://backstage.forgerock.com/downloads/browse/am/featured https://backstage.forgerock.com/knowledge/advisories/article/a63463303 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23600 – PingIDM Query Filter Vulnerability
https://notcve.org/view.php?id=CVE-2024-23600
Improper Input Validation of query search results for private field data in PingIDM OPENIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. Ping Identity PingIDM versions 7.0.0 through 7.5.0 enabled an attacker with read access to the User collection, to abuse API query filters in order to obtain managed and/or internal user's passwords in either plaintext or encrypted variants, based on configuration. The API clearly prevents the password in either plaintext or encrypted to be retrieved by any other means, as this field is set as protected under the User object. However, by injecting a malicious query filter, using password as the field to be filtered, an attacker can perform a blind brute-force on any victim's user password details (encrypted object or plaintext string). • https://backstage.forgerock.com/docs/idcloud/latest/release-notes/regular-channel-changelog.html#changed_functionality https://backstage.forgerock.com/knowledge/kb/article/a95212747 • CWE-20: Improper Input Validation •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-21832 – PingFederate REST API Data Store Injection
https://notcve.org/view.php?id=CVE-2024-21832
A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body. Existe un posible vector de ataque de inyección JSON en los almacenes de datos de la API REST de PingFederate utilizando el método POST y un cuerpo de solicitud JSON. • https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-22377 – PingFederate Runtime Node Path Traversal
https://notcve.org/view.php?id=CVE-2024-22377
The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. El directorio de implementación en los nodos de tiempo de ejecución de PingFederate es accesible para usuarios no autorizados. • https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •