VYPR

PingAccess

by Pingidentity

CVEs (3)

  • CVE-2024-23316HigMay 31, 2024
    risk 0.57cvss epss 0.01

    HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.

  • CVE-2024-23983MedNov 11, 2024
    risk 0.38cvss epss 0.00

    Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.

  • CVE-2021-31923Sep 24, 2021
    risk 0.00cvss epss 0.01

    Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.