CVE-2024-21832

LOW

PingFederate 11.0.0-11.0.8, 11.1.0-11.1.8, 11.2.0-11.2.7, 11.3.0-11.3.3 - JSON Injection via REST API POST Request

Title source: llm
STIX 2.1

Description

A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.

References (1)

Core 1

Scores

CVSS v3 3.5
EPSS 0.0024
EPSS Percentile 14.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-94
Status published
Products (5)
Ping Identity/PingFederate 11.0.0 - 11.0.9
Ping Identity/PingFederate 11.1.0 - 11.1.9
Ping Identity/PingFederate 11.2.0 - 11.2.8
Ping Identity/PingFederate 11.3.0 - 11.3.4
Ping Identity/PingFederate 12.0.0
Published Jul 09, 2024
Tracked Since Feb 18, 2026