CVE-2024-22477

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingfederate:12.0.0:*:*:*:*:*:*:*

History

19 Aug 2024, 14:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 1.8
v2 : unknown
v3 : 4.3
CPE cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingfederate:12.0.0:*:*:*:*:*:*:*
First Time Pingidentity
Pingidentity pingfederate
References () https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083 - () https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083 - Broken Link, Vendor Advisory

11 Jul 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de Cross Site Scripting en la consola de administración de OIDC Policy Management Editor. El impacto está limitado a los usuarios de la consola de administración únicamente.

09 Jul 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 23:15

Updated : 2024-08-19 14:21


NVD link : CVE-2024-22477

Mitre link : CVE-2024-22477

CVE.ORG link : CVE-2024-22477


JSON object : View

Products Affected

pingidentity

  • pingfederate
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')