Vulnerability in Pingidentity Pingfederate

CVE-2014-8489

Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter.

EPSS: 0.029 (85.2th percentile) — read the EPSS interpretation.

Affected products

References