CVE-2023-40148 | Ping Identity PingFederate up to 11.0.8/11.1.8/11.2.7/11.3.2 HTTP POST Request server-side request forgery

Posted by Angelo Barbosa | Apr 10, 2024 | CVE

A vulnerability has been found in Ping Identity PingFederate up to 11.0.8/11.1.8/11.2.7/11.3.2 and classified as critical. This vulnerability affects unknown code of the component HTTP POST Request Handler. The manipulation leads to server-side request forgery.

This vulnerability was named CVE-2023-40148. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-40148 | Ping Identity PingFederate up to 11.0.8/11.1.8/11.2.7/11.3.2 HTTP POST Request server-side request forgery

Related Posts

CVE-2024-6507 | activeloopai deeplake up to 3.9.10 Kaggle ingest_kaggle command injection (jfsa-2024-0010)

CVE-2024-8538 | Big File Uploads Plugin up to 2.1.2 on WordPress information disclosure

CVE-2024-27197 | Bee BeePress Plugin up to 6.9.8 on WordPress cross-site request forgery

CVE-2024-2500 | ColorMag Plugin up to 3.1.6 on WordPress Display Name cross site scripting