Pingfederate
by Pingidentity
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-25573 | Ping Identity / PingFederate | Med | 0.45 | — | 0.00 | — | Jun 15, 2025 | Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing. |
| CVE-2023-40148 | Ping Identity / PingFederate | Med | 0.42 | 6.5 | 0.00 | — | Apr 10, 2024 | Server-side request forgery (SSRF) in PingFederate allows unauthenticated HTTP requests to attack network resources and consume server-side resources via forged HTTP POST requests. |
| CVE-2024-21832 | Ping Identity / PingFederate | Low | 0.23 | 3.5 | 0.00 | — | Jul 9, 2024 | A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body. |
| CVE-2025-21085 | Ping Identity / PingFederate | Low | 0.14 | — | 0.00 | — | Jun 15, 2025 | PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory. |
| CVE-2025-26862 | Ping Identity / PingFederate | None | 0.00 | — | 0.00 | — | Oct 27, 2025 | Unexpected authentication form rendering in the HTML Form Adapter, only when the non-default redirectless mode is used, allows authentication attempts in PingFederate that may enable brute-force login attacks. |
| CVE-2024-22377 | Ping Identity / PingFederate | — | 0.00 | — | 0.00 | — | Jul 9, 2024 | The deploy directory in PingFederate runtime nodes is reachable by unauthorized users. |
| CVE-2024-22477 | Ping Identity / PingFederate | — | 0.00 | — | 0.00 | — | Jul 9, 2024 | A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only. |
| CVE-2023-40545 | Ping Identity / PingFederate | — | 0.00 | — | 0.01 | — | Feb 6, 2024 | Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests. |
| CVE-2023-34085 | Ping Identity / PingFederate | — | 0.00 | — | 0.00 | — | Oct 25, 2023 | When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request. |
| CVE-2023-39219 | Ping Identity / PingFederate | — | 0.00 | — | 0.01 | — | Oct 25, 2023 | A PingFederate Administrative Console dependency contains a weakness where the console becomes unresponsive with crafted Java class loading enumeration requests. |
| CVE-2023-37283 | Ping Identity / PingFederate | — | 0.00 | — | 0.01 | — | Oct 25, 2023 | Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter. |
| CVE-2023-39930 | Ping Identity / PingFederate | — | 0.00 | — | 0.01 | — | Oct 24, 2023 | A first-factor authentication bypass vulnerability exists in PingFederate with the PingID RADIUS PCV when an MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. |
| CVE-2023-39231 | Ping Identity / PingFederate | — | 0.00 | — | 0.01 | — | Oct 24, 2023 | PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second-factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of… |
| CVE-2022-40724 | Ping Identity / PingFederate | — | 0.00 | — | 0.00 | — | Apr 25, 2023 | The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. |
| CVE-2022-23722 | Ping Identity / PingFederate | — | 0.00 | — | 0.01 | — | May 2, 2022 | When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user's password. |
| CVE-2021-42000 | Ping Identity / PingFederate | — | 0.00 | — | 0.01 | — | Feb 10, 2022 | When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing user's password. |
| CVE-2021-41770 | Ping Identity / PingFederate | — | 0.00 | — | 0.01 | — | Oct 7, 2021 | Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. |
| CVE-2021-40329 | Ping Identity / PingFederate | — | 0.00 | — | 0.01 | — | Sep 27, 2021 | The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. |
| CVE-2014-8489 | Ping Identity / PingFederate | — | 0.00 | — | 0.03 | — | Dec 12, 2014 | Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter. |