Pingidentity: Security Vulnerabilities
The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2024-07-09
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.
CVSS Score: 1.8 | EPSS Score: 0.001 | Published: 2024-07-09
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2024-02-06
Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.
CVSS Score: 7.7 | EPSS Score: 0.0 | Published: 2024-02-01
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.
CVSS Score: 7.3 | EPSS Score: 0.001 | Published: 2023-10-25
A first-factor authentication bypass vulnerability exists in PingFederate with the PingID Radius PCV when an MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.
CVSS Score: 7.5 | EPSS Score: 0.0 | Published: 2023-10-25
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request.
CVSS Score: 2.6 | EPSS Score: 0.002 | Published: 2023-10-25
Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter.
CVSS Score: 8.1 | EPSS Score: 0.001 | Published: 2023-10-25
A PingFederate Administrative Console dependency contains a weakness where the console becomes unresponsive with crafted Java class loading enumeration requests.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2023-10-25
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.
CVSS Score: 3.8 | EPSS Score: 0.0 | Published: 2023-04-25

