PT-2014-8556 · Ping Identity · Pingfederate

Jing Wang

Published

2014-12-12

Updated

2014-12-16

CVE-2014-8489

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions PingFederate version 6.10.1

Description The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. This is achieved via a URL in the TargetResource parameter in the startSSO.ping endpoint.

Recommendations For PingFederate version 6.10.1, consider restricting access to the startSSO.ping endpoint to minimize the risk of exploitation. Avoid using the TargetResource parameter in this endpoint until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2014-8489

Affected Products

Pingfederate

PT-2014-8556 · Ping Identity · Pingfederate

CVE-2014-8489

Related Identifiers

Affected Products

References · 4