CVE-2014-8489

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-8489
Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter.

6.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://seclists.org/fulldisclosure/2014/Dec/35
http://packetstormsecurity.com/files/129454/PingFederate-6.10.1-SP-Endpoints-Open-Redirect.html
http://tetraph.com/security/cves/cve-2014-8489-ping-identity-corporation-pingfederate-6-10-1-sp-endpoints-dest-redirect-privilege-escalation-security-vulnerability/
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:pingidentity:pingfederate:6.10.1:*:*:*:*:*:*:*
Information

Published : 2014-12-12 07:59

Updated : 2014-12-16 05:54

NVD link : CVE-2014-8489

Mitre link : CVE-2014-8489

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

pingidentity

  • pingfederate