Skip to main content

Pingfederate

9 CVEs product

Monthly

CVE-2024-22477 MEDIUM This Month

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

XSS Pingfederate
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-22377 MEDIUM This Month

The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Pingfederate
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-39219 HIGH This Week

PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Pingfederate
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-37283 CRITICAL Act Now

Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pingfederate
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-34085 MEDIUM This Month

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pingfederate
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-23722 MEDIUM This Month

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pingfederate
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-41770 HIGH This Week

Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Pingfederate
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-40329 CRITICAL Act Now

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pingfederate
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2014-8489 MEDIUM This Month

Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Pingfederate
NVD
CVSS 2.0
6.4
EPSS
0.3%
EPSS 0% CVSS 4.3
MEDIUM This Month

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

XSS Pingfederate
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Pingfederate
NVD
EPSS 1% CVSS 7.5
HIGH This Week

PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Pingfederate
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pingfederate
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pingfederate
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pingfederate
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Pingfederate
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pingfederate
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Pingfederate
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy