CVE-2024-25566

EUVD-2024-22894
An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
forgerockaccess_management
𝑥
≤ 7.0.2
forgerockaccess_management
7.1.0 ≤
𝑥
≤ 7.1.4
forgerockaccess_management
7.2.0 ≤
𝑥
≤ 7.2.2
forgerockaccess_management
7.3.0
forgerockaccess_management
7.3.1
forgerockaccess_management
7.4.0
forgerockaccess_management
7.4.1
forgerockaccess_management
7.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://backstage.forgerock.com/downloads/browse/am/featured
https://backstage.forgerock.com/knowledge/advisories/article/a63463303