Platform
other
Component
pingfederate
Fixed in
11.0.10
11.1.10
11.2.9
11.3.5
12.0.1
CVE-2024-21832 describes a potential JSON injection vulnerability discovered in PingFederate. This flaw allows attackers to inject malicious JSON payloads into PingFederate’s REST API data stores when using the POST method. The vulnerability affects versions 11.0.0 through 12.0.0 and has been resolved in version 12.0.1.
Successful exploitation of CVE-2024-21832 could allow an attacker to manipulate data stored within PingFederate’s REST API. While the CVSS score is LOW, this could lead to unauthorized access, modification, or deletion of sensitive information, potentially impacting authentication and authorization processes. The impact is dependent on the data stored within the REST API and the attacker’s ability to leverage the injected JSON to achieve their objectives. A sophisticated attacker could potentially chain this vulnerability with other weaknesses to escalate privileges or gain broader access to the system.
CVE-2024-21832 was publicly disclosed on July 9, 2024. The vulnerability has a LOW CVSS score, suggesting a lower probability of exploitation. No public proof-of-concept (PoC) code has been released at the time of this writing. It is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on PingFederate for single sign-on (SSO) and identity federation are at risk. Specifically, deployments utilizing the REST API for custom integrations or data synchronization are particularly vulnerable. Environments with weak input validation on the REST API endpoints are also at higher risk.
• other / generic web:
# Send a JSON body (Content-Type set, otherwise curl posts form data) and look for a rejection
curl -X POST -H 'Content-Type: application/json' -d '{"malicious_json": "test"}' <pingfederate_rest_api_endpoint> | grep -i "error"
• other / generic web:
# Check PingFederate logs for unusual JSON POST requests
zgrep -i "malicious_json" /path/to/pingfederate/logs/*
Exploit status
EPSS
0.14% (34th percentile)
The primary mitigation for CVE-2024-21832 is to upgrade PingFederate to version 12.0.1 or later. If immediate upgrading is not feasible, consider implementing input validation and sanitization on the REST API endpoints to prevent the injection of malicious JSON payloads. Web application firewalls (WAFs) configured to inspect and filter JSON payloads can also provide a layer of defense. Review and restrict access to the REST API endpoints to limit the potential attack surface. After upgrade, confirm the vulnerability is resolved by attempting a POST request with a known malicious JSON payload and verifying that it is properly rejected.
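The input-validation workaround above, as an added illustration that is not part of this advisory or of PingFederate's code: the constructed field names, schema and injected value are assumptions, and the "unsafe" function shows the string-concatenation pattern a JSON injection abuses next to a serializer-based and allow-list-validated alternative.

```python
import json

# Constructed attacker-style value for a POST field (hypothetical field names,
# not PingFederate identifiers): the quote breaks out of the intended string.
INJECTED_VALUE = 'alice", "role": "admin'

# Constructed allow-list of accepted fields and their expected JSON types.
ALLOWED_FIELDS = {"user": str, "email": str}


def build_record_unsafe(username: str) -> dict:
    """'Before' pattern: the value is spliced into JSON text by concatenation,
    so a quote in the input adds a second "role" key that wins on parse."""
    text = '{"role": "user", "user": "' + username + '"}'
    return json.loads(text)


def build_record_safe(username: str) -> dict:
    """Hardened: build the object first and let the serializer escape the
    value, so the input can only ever be the content of the "user" string."""
    text = json.dumps({"user": username, "role": "user"})
    return json.loads(text)


def validate_post_body(raw: bytes) -> dict:
    """Strictly validate an inbound POST body before it reaches a data store:
    well-formed UTF-8 JSON, a single object, no duplicate keys, only
    allow-listed keys, and each present key of its expected type."""
    def no_duplicates(pairs):
        keys = [k for k, _ in pairs]
        if len(keys) != len(set(keys)):
            raise ValueError("duplicate key in object")
        return dict(pairs)
    try:
        body = json.loads(raw.decode("utf-8"), object_pairs_hook=no_duplicates)
    except ValueError as exc:  # JSONDecodeError and UnicodeDecodeError included
        raise ValueError(f"malformed JSON: {exc}") from None
    if not isinstance(body, dict):
        raise ValueError("body must be a JSON object")
    unknown = set(body) - set(ALLOWED_FIELDS)
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    for key, expected in ALLOWED_FIELDS.items():
        if key in body and not isinstance(body[key], expected):
            raise ValueError(f"field {key!r} must be {expected.__name__}")
    return body


def is_rejected(raw: bytes) -> bool:
    """True when validate_post_body refuses the body (used for self-checks)."""
    try:
        validate_post_body(raw)
        return False
    except ValueError:
        return True
```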
Update PingFederate to the latest available version that fixes the JSON injection vulnerability. Consult the vendor's security advisory for specific details on the fixed versions and the update instructions. Apply security updates as soon as possible to reduce the risk of exploitation.
CVE-2024-21832 is a LOW severity JSON injection vulnerability in PingFederate versions 11.0.0–12.0.0, allowing attackers to manipulate data via the REST API POST method.
If you are running PingFederate versions 11.0.0 through 12.0.0 and utilize the REST API, you are potentially affected by this vulnerability.
Upgrade PingFederate to version 12.0.1 or later to remediate the vulnerability. Implement stricter input validation as a temporary workaround.
Currently, there are no publicly available proof-of-concept exploits or confirmed reports of active exploitation, but proactive mitigation is still recommended.
Refer to the PingFederate security advisory for detailed information and mitigation guidance: https://docs.pingidentity.com/pingfederate/12.0.1/pdf/SecurityAdvisory.pdf