5.8
CVE-2024-23983
- EPSS 0.41%
- Veröffentlicht 11.11.2024 23:15:05
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle responsible-disclosure@pingide
- CVE-Watchlists
- Unerledigt
Access rules for PingAccess may be circumvented with URL-encoded characters
Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerpingidentity
≫
Produkt
pingaccess
Default Statusunknown
Version
8.1.0
Version <
8.1.1
Status
affected
Version
8.0.0
Version <
8.0.4
Status
affected
Version
7.3.0
Version <
7.3.5
Status
affected
Version
7.2.0
Version <
7.2.4
Status
affected
Version
7.1.0
Version <
7.1.5
Status
affected
Version
7.0.0
Version <
7.0.8
Status
affected
Version
6.0.0
Version <
6.3.9
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.328 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| responsible-disclosure@pingidentity.com | 5.8 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:X/V:X/RE:M/U:Amber
|
CWE-177 Improper Handling of URL Encoding (Hex Encoding)
The product does not properly handle when all or part of an input has been URL encoded.
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://www.pingidentity.com/en/resources/downloads/pingaccess.html
https://docs.pingidentity.com/pingaccess/latest/release_notes/pa_811_rn.html