PingAccess
by Pingidentity
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-23316 | Hig | 0.57 | — | 0.01 | May 31, 2024 | HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests. | ||
| CVE-2024-23983 | Med | 0.38 | — | 0.00 | Nov 11, 2024 | Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules. | ||
| CVE-2021-31923 | 0.00 | — | 0.01 | Sep 24, 2021 | Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. |
- risk 0.57cvss —epss 0.01
HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.
- risk 0.38cvss —epss 0.00
Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.
- CVE-2021-31923Sep 24, 2021risk 0.00cvss —epss 0.01
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.