CVE-2024-23600

PingIDM Query Filter Vulnerability

CVSS 2.7 LOWEPSS 0.7%CWE-20

Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

Ping Identity · PingIDM

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://backstage.forgerock.com/docs/idcloud/latest/release-notes/regular-channel-changelog.html#changed_functionality https://backstage.forgerock.com/knowledge/kb/article/a95212747 http://seclists.org/fulldisclosure/2024/Oct/18