CVE-2024-21832

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21832
A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.

3.5 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083
https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083
Configurations

No configuration.

History

21 Nov 2024, 08:55

Type Values Removed Values Added
References () https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083 - () https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083 -

11 Jul 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) Existe un posible vector de ataque de inyección JSON en los almacenes de datos de la API REST de PingFederate utilizando el método POST y un cuerpo de solicitud JSON.

09 Jul 2024, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-09 23:15

Updated : 2024-11-21 08:55

NVD link : CVE-2024-21832

Mitre link : CVE-2024-21832

CVE.ORG link : CVE-2024-21832

JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')