CVE-2023-39219
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Oct 25, 2023
Updated: Feb 1, 2024
CWE ID 400
Summary
CVE-2023-39219: A vulnerability has been identified in the administrative console of PingFederate, where a weakness in a dependency can cause the console to become unresponsive due to crafted Java class loading enumeration requests. This issue could lead to denial-of-service conditions and potentially allow unauthorized access if an attacker successfully exploits it. Users are advised to apply the available patch or update to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- PingFederate
Affected Vendors
- Ping Identity Corp