CVE-2022-40724
medium
ForgeRock CVSS v3 Base Score
6.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
Low
Availability
High
Published: April 25, 2023 (1114 days ago)
Last Modified: November 21, 2024
Vendor: ForgeRock
Source: NVD
Vulnerability Report
Generated by CyberWatcher
Description
The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests.