CVE-2023-34085

Опубликовано: 25 окт. 2023

Источник: nvd

CVSS3: 2.6

CVSS3: 4.3

EPSS Низкий

Описание

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request

Ссылки

https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244
Release Notes
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
Release Notes
https://docs.pingidentity.com/r/en-us/pingfederate-113/gyk1689105783244
Release Notes
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*

Версия до 11.3.0 (включая)

EPSS

Процентиль: 41%

0.00194

Низкий

2.6 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-359

NVD-CWE-noinfo

Связанные уязвимости

GHSA-qq98-52pp-9245

CVSS3: 2.6

github

больше 2 лет назад

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request

EPSS

Процентиль: 41%

0.00194

Низкий

2.6 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-359

NVD-CWE-noinfo