CVE-2024-21832
published 2024-07-09

CVE-2024-21832: A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.

Priority: P4, 17, low; CVSS 3.1 score: 3.5
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
EPSS: 0.24% (14.7th percentile)

Affected

5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ping_identity | pingfederate | | |
| ping_identity | pingfederate | 11.0.0 – 11.0.9 | |
| ping_identity | pingfederate | 11.1.0 – 11.1.9 | |
| ping_identity | pingfederate | 11.2.0 – 11.2.8 | |
| ping_identity | pingfederate | 11.3.0 – 11.3.4 | |