Pingidentity: >> Pingfederate >> 10.3.13 Security Vulnerabilities
The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-07-09
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.
CVSS Score
1.8
EPSS Score
0.001
Published
2024-07-09
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request
CVSS Score
2.6
EPSS Score
0.002
Published
2023-10-25