Ping Identity · PingIDM · CVE-2024-23600
**Name of the Vulnerable Software and Affected Versions**
PingIDM (affected versions not specified)
**Description**
The issue is improper input validation of query search results for private field data in the Query Filter module of PingIDM. This enables a potentially efficient brute-force approach, leading to information disclosure. The problem can be exploited to guess passwords with less effort than expected.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.