Overview
- Description: Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.
- Source: responsible-disclosure@pingidentity.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Secondary
- Base score: 2.7
- Impact score: 1.4
- Exploitability score: 1.2
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
- Severity: LOW
Weaknesses
- CWE-20 (source: responsible-disclosure@pingidentity.com)
Social media
- Hype score: Not currently trending
Threat Alert: SEC Consult SA-20241030-0 :: Query Filter Injection in Ping Identity PingIDM (fo CVE-2024-23600 Severity: 🟡 Medium Maturity: 💢 Emerging Learn more: https://t.co/wWqbG5wmkF #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
2 Nov 2024
Identity Crisis: PingIDM Vulnerability Exposes Passwords to Query Filter Injection (CVE-2024-23600) Hot Take: Ping Identity's latest blunder has given hackers a new way to play "Guess the Password", with less effort than it takes to solve a Rubik's Cube. And just like a Rubik's…
@TheNimbleNerd
31 Oct 2024