Skip to main content

Pingidm

1 CVEs product

Monthly

CVE-2025-20628 MEDIUM This Month

Remote attackers can spoof client-mode Remote Connector Servers in PingIDM to intercept and modify identity security properties including passwords and account recovery information, due to insufficient access control granularity that prevents administrators from properly restricting RCS communications. This vulnerability affects PingIDM deployments using Remote Connector Servers in client mode and requires specific RCS configuration to be exploitable; no public exploit code has been identified at the time of analysis.

Information Disclosure Pingidm
NVD
CVSS 4.0
6.9
EPSS
0.0%
EPSS 0% CVSS 6.9
MEDIUM This Month

Remote attackers can spoof client-mode Remote Connector Servers in PingIDM to intercept and modify identity security properties including passwords and account recovery information, due to insufficient access control granularity that prevents administrators from properly restricting RCS communications. This vulnerability affects PingIDM deployments using Remote Connector Servers in client mode and requires specific RCS configuration to be exploitable; no public exploit code has been identified at the time of analysis.

Information Disclosure Pingidm
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy