Note: This project will be discontinued after December 13, 2021.
Product: Pingfederate (Pingidentity)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 14 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-02-06 | CVE-2023-40545 | Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests. | Pingfederate | 9.8 | ||
2024-07-09 | CVE-2024-22377 | The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. | Pingfederate | 5.3 | ||
2024-07-09 | CVE-2024-22477 | A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only. | Pingfederate | 4.3 | ||
2014-12-12 | CVE-2014-8489 | Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter. | Pingfederate | N/A |