Pingidentity >> Pingfederate Security Vulnerabilities
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing user's password.
CVSS Score: 5.3, EPSS Score: 0.001, Published: 2022-02-10
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.
CVSS Score: 7.5, EPSS Score: 0.003, Published: 2021-10-07
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.
CVSS Score: 9.8, EPSS Score: 0.004, Published: 2021-09-27
Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter.
CVSS Score: 6.4, EPSS Score: 0.003, Published: 2014-12-12

