CVE-2023-40148

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Apr 10, 2024

CWE ID 918

Summary

CVE-2023-40148 is a serious vulnerability affecting PingFederate. This issue permits unauthenticated attackers to carry out Server-side Request Forgery (SSRF) attacks. By crafting forged HTTP POST requests, adversaries can access and manipulate network resources, potentially leading to consumption of significant server-side resources. These actions could result in denial-of-service conditions or unauthorized data access. Organizations utilizing PingFederate are urged to address this vulnerability promptly to mitigate potential risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sdOimY
https://www.cve.org/CVERecord?id=CVE-2023-40148
https://nvd.nist.gov/vuln/detail/CVE-2023-40148

Back to Vulnerability Database

CVE-2023-40148

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations