
Cloud Vulnerability DB
A community-led vulnerabilities database
The vulnerability (CVE-2024-22377) affects PingFederate runtime nodes, where the deploy directory is accessible to unauthorized users. This security issue impacts multiple versions of PingFederate, including versions 10.3.0 through 10.3.13, 11.0.0 through 11.0.9, 11.1.0 through 11.1.9, 11.2.0 through 11.2.8, 11.3.0 through 11.3.4, and version 12.0.0 (NVD).
The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - Path Traversal). It has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that it is network accessible, requires low attack complexity, needs no privileges or user interaction, and can result in low confidentiality impact (NVD).
The vulnerability allows unauthorized users to access the deploy directory in PingFederate runtime nodes, potentially exposing sensitive information. The CVSS scoring indicates that while the vulnerability can lead to information disclosure, it does not impact system integrity or availability (NVD).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."