Platform: other
Component: pingfederate
Fixed in: 11.0.10, 11.1.10, 11.2.9, 11.3.5, 12.0.1
CVE-2024-21832 describes a JSON injection vulnerability affecting PingFederate versions 11.0.0 through 12.0.0. The flaw may allow an attacker to inject malicious JSON payloads into PingFederate's REST API data stores via the POST method. Successful exploitation could lead to data manipulation and unauthorized access. A fix is available in version 12.0.1.
The JSON injection vulnerability in PingFederate allows an attacker to craft a malicious JSON request and submit it via the REST API's POST method. If successful, the attacker can inject arbitrary JSON data into PingFederate's data stores, which could lead to unauthorized modification of user profiles, authentication policies, or other sensitive configuration data. The impact is limited to the data reachable through the REST API and depends on the attacker's ability to craft a valid JSON payload that bypasses any existing input validation. Although the CVSS score is LOW, the potential for data manipulation warrants prompt attention.
CVE-2024-21832 was publicly disclosed on July 9, 2024. Currently, there are no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog. Given the LOW CVSS score and lack of public exploits, the probability of active exploitation is considered low, but proactive mitigation is still recommended.
Exploit Status
EPSS: 0.14% (34th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-21832 is to upgrade PingFederate to version 12.0.1 or later, which contains the fix. If an immediate upgrade is not feasible, consider enforcing stricter input validation on the REST API endpoints so that JSON payloads are sanitized before they reach the data stores. Review and extend existing WAF rules to detect and block suspicious JSON POST requests aimed at the affected API endpoints, and monitor PingFederate logs for unusual activity or unexpected JSON payloads. After upgrading, confirm the fix by exercising the affected REST API endpoints with a range of valid and invalid JSON payloads and verifying that invalid input is rejected or sanitized.
Update PingFederate to the latest available version that addresses the JSON injection vulnerability. Refer to the vendor security advisory for the specific patched versions and upgrade instructions, and apply security updates as soon as possible to reduce the risk of exploitation.
CVE-2024-21832 is a LOW severity JSON injection vulnerability in PingFederate versions 11.0.0–12.0.0, allowing attackers to manipulate data via the REST API POST method.
If you are running PingFederate versions 11.0.0 through 12.0.0 and use the REST API, you are potentially affected by this vulnerability.
Upgrade PingFederate to version 12.0.1 or later to remediate the vulnerability. Implement stricter input validation as a temporary workaround.
Currently, there are no publicly available proof-of-concept exploits or confirmed reports of active exploitation, but proactive mitigation is still recommended.
Refer to the PingFederate security advisory for detailed information and mitigation guidance: [https://docs.pingidentity.com/pingfederate/12.0.1/pdf/SecurityAdvisory.pdf](https://docs.pingidentity.com/pingfederate/12.0.1/pdf/SecurityAdvisory.pdf)