Latest pingidentity pingfederate Vulnerabilities

PingFederate OAuth client_secret_jwt Authentication Bypass
Pingidentity Pingfederate=11.3.0
PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests
Pingidentity Pingfederate>=10.3.0<=10.3.12
Pingidentity Pingfederate>=11.1.0<=11.1.7
Pingidentity Pingfederate>=11.2.0<=11.2.6
Pingidentity Pingfederate=11.3.0
Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter
Pingidentity Pingfederate>=10.3.0<=10.3.12
Pingidentity Pingfederate>=11.1.0<=11.1.7
Pingidentity Pingfederate>=11.2.0<=11.2.6
Pingidentity Pingfederate=11.3.0
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request
Pingidentity Pingfederate<=11.3.0
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading ...
Pingidentity Pingfederate>=11.1.0<=11.1.5
Pingidentity Pingfederate>=11.2.0<=11.2.2
Pingidentity Pingid Adapter For Pingfederate<2.13.2
Pingidentity Pingid Integration Kit<2.24
The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests.
Pingidentity Pingfederate>=10.3.0<=10.3.11
Pingidentity Pingfederate>=11.0.0<=11.0.6
Pingidentity Pingfederate>=11.1.0<=11.1.5
Pingidentity Pingfederate>=11.2.0<=11.2.2
Pingidentity Pingfederate>=11.1.0<=11.1.5
Pingidentity Pingfederate>=11.2.0<=11.2.2
Pingidentity Pingid Integration Kit<2.24
Pingidentity Radius Pcv>=3.0.0<3.0.2
Pingidentity Radius Pcv=2.10.0
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another exi...
Pingidentity Pingfederate>=9.3.0<9.3.3
Pingidentity Pingfederate>=10.0.0<10.0.12
Pingidentity Pingfederate>=10.1.0<10.1.9
Pingidentity Pingfederate>=10.2.0<10.2.7
Pingidentity Pingfederate>=10.3.0<10.3.4
Pingidentity Pingfederate=9.3.3-p15
and 1 more
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can res...
Pingidentity Pingfederate<=9.3.0
Pingidentity Pingfederate>=10.0.0<=10.0.11
Pingidentity Pingfederate>=10.1.0<=10.1.8
Pingidentity Pingfederate>=10.2.0<=10.2.6
Pingidentity Pingfederate>=10.3.0<=10.3.2
Pingidentity Pingfederate=9.3.3
and 1 more
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.
Pingidentity Pingfederate<10.3.1
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.
Pingidentity Pingfederate<10.3

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203