CVE-2023-40148
published 2024-04-10

CVE-2023-40148: Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via…

Priority: P4 34
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
EPSS: 0.46% (36.6th percentile)
Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ping_identity | pingfederate | 11.0.0 – 11.0.8 | |
| ping_identity | pingfederate | 11.1.0 – 11.1.8 | |
| ping_identity | pingfederate | 11.2.0 – 11.2.7 | |
| ping_identity | pingfederate | 11.3.0 – 11.3.2 | |