Vulnerability in Ping Identity PingFederate
CVE-2014-8489
Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter.
EPSS: 0.029 (percentile 85.2)
Affected products
- Ping Identity PingFederate, version 6.10.1