CVE-2023-39219

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Oct 25, 2023
Updated: Feb 1, 2024
CWE ID 400

Summary

CVE-2023-39219: A vulnerability has been identified in the administrative console of PingFederate, where a weakness in a dependency can cause the console to become unresponsive due to crafted Java class loading enumeration requests. This issue could lead to denial-of-service conditions and potentially allow unauthorized access if an attacker successfully exploits it. Users are advised to apply the available patch or update to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • PingFederate

Affected Vendors

  • Ping Identity Corp