THREATINT
PUBLISHED

CVE-2024-23600

PingIDM Query Filter Vulnerability



Description

Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.

Reserved 2024-02-29 | Published 2024-08-01 | Updated 2024-10-31 | Assigner Ping Identity


LOW: 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status: unknown

7.0.0: affected

Credits

Ksandros Apostoli (finder)

Miguel García Martín (finder)

References

backstage.forgerock.com/knowledge/kb/article/a95212747

backstage.forgerock.com/...es/regular-channel-changelog.html

cve.org (CVE-2024-23600)

nvd.nist.gov (CVE-2024-23600)
