Vulnerability Details : CVE-2014-8489
Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter.
Vulnerability category: Open redirect
Products affected by CVE-2014-8489
- cpe:2.3:a:pingidentity:pingfederate:6.10.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8489
0.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 68 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-8489
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST |
References for CVE-2014-8489
-
http://seclists.org/fulldisclosure/2014/Dec/35
Full Disclosure: CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability
-
http://packetstormsecurity.com/files/129454/PingFederate-6.10.1-SP-Endpoints-Open-Redirect.html
PingFederate 6.10.1 SP Endpoints Open Redirect ≈ Packet Storm
-
http://tetraph.com/security/cves/cve-2014-8489-ping-identity-corporation-pingfederate-6-10-1-sp-endpoints-dest-redirect-privilege-escalation-security-vulnerability/
CVE-2014-8489 Ping Identity Corporation “PingFederate 6.10.1 SP Endpoints” Dest Redirect Privilege Escalation Security Vulnerability – Information Security - Tetraph
Jump to