Vulnerabilities
Vulnerable Software
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request.
CVSS Score: 2.6
EPSS Score: 0.002
Published: 2023-10-25

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing user's password.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2022-02-10

Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.
CVSS Score: 7.5
EPSS Score: 0.003
Published: 2021-10-07

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2021-09-27

Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter.
CVSS Score: 6.4
EPSS Score: 0.003
Published: 2014-12-12

