CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-23983 – Access rules for PingAccess may be circumvented with URL-encoded characters
https://notcve.org/view.php?id=CVE-2024-23983
Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules. • https://docs.pingidentity.com/pingaccess/latest/release_notes/pa_811_rn.html https://www.pingidentity.com/en/resources/downloads/pingaccess.html • CWE-20: Improper Input Validation CWE-177: Improper Handling of URL Encoding (Hex Encoding) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23316 – PingAccess HTTP Request Desynchronization Weakness
https://notcve.org/view.php?id=CVE-2024-23316
HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests. La desincronización de solicitudes HTTP en Ping Identity PingAccess, todas las versiones anteriores a 8.0.1 afectadas, permite a un atacante enviar solicitudes de encabezado http especialmente manipuladas para crear una condición de contrabando de solicitudes para solicitudes proxy. • https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling https://www.pingidentity.com/en/resources/downloads/pingaccess.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31923
https://notcve.org/view.php?id=CVE-2021-31923
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. Ping Identity PingAccess versiones anteriores a 5.3.3, permite un contrabando de peticiones HTTP por medio de la manipulación de encabezados. • https://docs.pingidentity.com/bundle/pingaccess-53/page/wco1629833104567.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •