Pingidentity: >> Pingfederate >> 11.3.0 Security Vulnerabilities
The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-07-09
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.
CVSS Score
1.8
EPSS Score
0.001
Published
2024-07-09
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-02-06
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request
CVSS Score
2.6
EPSS Score
0.002
Published
2023-10-25
Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter
CVSS Score
8.1
EPSS Score
0.001
Published
2023-10-25
PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests
CVSS Score
7.5
EPSS Score
0.002
Published
2023-10-25