CVE-2024-25566 | THREATINT

Description

An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks

PUBLISHED Reserved 2024-02-29 | Published 2024-10-29 | Updated 2024-10-29 | Assigner Ping Identity

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Product status

Default status

affected

7.5.0 (major release)

affected

7.4.0 (maintenance release)

affected

7.3.0 (maintenance release)

affected

7.2.0 (maintenance release)

affected

7.1.0 (maintenance release)

affected

Any version

affected

References

backstage.forgerock.com/downloads/browse/am/featured

backstage.forgerock.com/...edge/advisories/article/a63463303

cve.org (CVE-2024-25566)

nvd.nist.gov (CVE-2024-25566)

Download JSON