CVE-2024-22377

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
09/07/2024
Last modified:
19/08/2024

Description

The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:* 10.3.0 (including) 10.3.13 (including)
cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:* 11.0.0 (including) 11.0.9 (including)
cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:* 11.1.0 (including) 11.1.9 (including)
cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:* 11.2.0 (including) 11.2.8 (including)
cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:* 11.3.0 (including) 11.3.4 (including)
cpe:2.3:a:pingidentity:pingfederate:12.0.0:*:*:*:*:*:*:*