CVE-2024-22477 LOW

CVE-2024-22477: PingFederate OIDC Policy Management Editor Cross-Site Scripting

Vendor Ping Identity
Product PingFederate
Weakness CWE-79 · XSS
Published July 9, 2024
Last update August 1, 2024

CVSS base score

1.8/10
Attack vector Adjacent
Attack complexity High
Privileges required High
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.

Key dates

02 Disclosure timeline

July 9, 2024 CVE published
August 1, 2024 Record updated