Pingidentity: >> Pingfederate >> 10.1.9 Security Vulnerabilities
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request
CVSS Score
2.6
EPSS Score
0.002
Published
2023-10-25
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-10-07
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-09-27