5.8

CVE-2024-23983

Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerpingidentity
Produkt pingaccess
Default Statusunknown
Version < 8.1.1
Version 8.1.0
Status affected
Version < 8.0.4
Version 8.0.0
Status affected
Version < 7.3.5
Version 7.3.0
Status affected
Version < 7.2.4
Version 7.2.0
Status affected
Version < 7.1.5
Version 7.1.0
Status affected
Version < 7.0.8
Version 7.0.0
Status affected
Version < 6.3.9
Version 6.0.0
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.08% 0.247
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
responsible-disclosure@pingidentity.com 5.8 0 0
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:M/U:Amber
CWE-177 Improper Handling of URL Encoding (Hex Encoding)

The product does not properly handle when all or part of an input has been URL encoded.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.