CVE-2024-25566

Summary

An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks

Affected Software

VendorProductVersion RangeStatus
Ping IdentityPingAM7.5.0affected
Ping IdentityPingAM7.4.0 <= 7.4.1affected
Ping IdentityPingAM7.3.0 <= 7.3.1affected
Ping IdentityPingAM7.2.0 <= 7.2.2affected
Ping IdentityPingAM7.1.0 <= 7.1.4affected
Ping IdentityPingAM0 <= 7.0.2affected

Weaknesses

  • CWE-601: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References