Vendor CVEs
Ping Identity
All CVEs
54 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-20059 | Ping Identity | Critical | 0.59 | 9.1 | 0.01 | — | Feb 20, 2025 | Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection. This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9. |
| CVE-2023-40356 | Ping Identity | High | 0.57 | — | 0.00 | — | Jul 9, 2024 | PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from… |
| CVE-2024-23316 | Ping Identity | High | 0.57 | — | 0.01 | — | May 31, 2024 | HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected, allows an attacker to send specially crafted HTTP header requests to create a request smuggling condition for proxied requests. |
| CVE-2025-27935 | Ping Identity | High | 0.56 | — | 0.00 | — | Dec 4, 2025 | The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication. |
| CVE-2017-6062 | Ping Identity | High | 0.56 | 8.6 | 0.04 | — | Mar 2, 2017 | The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass… |
| CVE-2023-40702 | Ping Identity | High | 0.50 | — | 0.00 | — | Jul 9, 2024 | PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability… |
| CVE-2017-6059 | Ping Identity | High | 0.49 | 7.5 | 0.05 | — | Apr 12, 2017 | Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request. |
| CVE-2025-20628 | Ping Identity | Medium | 0.45 | — | 0.00 | — | Apr 7, 2026 | An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a… |
| CVE-2024-25573 | Ping Identity | Medium | 0.45 | — | 0.00 | — | Jun 15, 2025 | Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing. |
| CVE-2025-22854 | Ping Identity | Medium | 0.45 | — | 0.00 | — | Jun 15, 2025 | Improper handling of non-200 HTTP responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions. |
| CVE-2023-40148 | Ping Identity | Medium | 0.42 | 6.5 | 0.00 | — | Apr 10, 2024 | Server-side request forgery (SSRF) in PingFederate allows unauthenticated HTTP requests to attack network resources and consume server-side resources via forged HTTP POST requests. |
| CVE-2026-20746 | Ping Identity | Medium | 0.41 | — | 0.00 | — | Jun 12, 2026 | Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust Java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values. |
| CVE-2024-23983 | Ping Identity | Medium | 0.38 | — | 0.00 | — | Nov 11, 2024 | Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules. |
| CVE-2024-21832 | Ping Identity | Low | 0.23 | 3.5 | 0.00 | — | Jul 9, 2024 | A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body. |
| CVE-2024-23600 | Ping Identity | Low | 0.18 | 2.7 | 0.01 | — | Aug 1, 2024 | Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. |
| CVE-2025-21085 | Ping Identity | Low | 0.14 | — | 0.00 | — | Jun 15, 2025 | PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization. |
| CVE-2020-10654 | Ping Identity | — | 0.01 | — | 0.03 | — | May 13, 2020 | Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. |
| CVE-2025-26862 | Ping Identity | None | 0.00 | — | 0.00 | — | Oct 27, 2025 | Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks. |
| CVE-2024-22377 | Ping Identity | — | 0.00 | — | 0.00 | — | Jul 9, 2024 | The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. |
| CVE-2024-22477 | Ping Identity | — | 0.00 | — | 0.00 | — | Jul 9, 2024 | A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only. |
| CVE-2023-40545 | Ping Identity | — | 0.00 | — | 0.01 | — | Feb 6, 2024 | Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests. |
| CVE-2023-34085 | Ping Identity | — | 0.00 | — | 0.00 | — | Oct 25, 2023 | When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request. |
| CVE-2023-39219 | Ping Identity | — | 0.00 | — | 0.01 | — | Oct 25, 2023 | PingFederate Administrative Console dependency contains a weakness where the console becomes unresponsive with crafted Java class loading enumeration requests. |
| CVE-2023-37283 | Ping Identity | — | 0.00 | — | 0.01 | — | Oct 25, 2023 | Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter. |
| CVE-2023-39930 | Ping Identity | — | 0.00 | — | 0.01 | — | Oct 24, 2023 | A first-factor authentication bypass vulnerability exists in PingFederate with the PingID RADIUS PCV when an MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. |
| CVE-2023-39231 | Ping Identity | — | 0.00 | — | 0.01 | — | Oct 24, 2023 | PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of… |
| CVE-2022-40724 | Ping Identity | — | 0.00 | — | 0.00 | — | Apr 25, 2023 | The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. |
| CVE-2022-40723 | Ping Identity | — | 0.00 | — | 0.01 | — | Apr 25, 2023 | The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. |
| CVE-2022-40725 | Ping Identity | — | 0.00 | — | 0.00 | — | Apr 25, 2023 | PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated. |
| CVE-2022-40722 | Ping Identity | — | 0.00 | — | 0.00 | — | Apr 25, 2023 | A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA. |
| CVE-2022-23721 | Ping Identity | — | 0.00 | — | 0.00 | — | Apr 25, 2023 | PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times. |
| CVE-2018-25084 | Ping Identity | — | 0.00 | — | 0.01 | — | Apr 10, 2023 | A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross… |
| CVE-2022-23726 | Ping Identity | — | 0.00 | — | 0.01 | — | Sep 30, 2022 | PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that, with administrative authentication, return large amounts of sensitive environmental and application information. |
| CVE-2022-23725 | Ping Identity | — | 0.00 | — | 0.00 | — | Jun 30, 2022 | PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. |
| CVE-2022-23720 | Ping Identity | — | 0.00 | — | 0.00 | — | Jun 30, 2022 | PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by… |
| CVE-2022-23719 | Ping Identity | — | 0.00 | — | 0.00 | — | Jun 30, 2022 | PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine may be able to exploit and spoof the local Java service using multiple attack… |
| CVE-2022-23718 | Ping Identity | — | 0.00 | — | 0.02 | — | Jun 30, 2022 | PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or of compromising Ping Identity web servers, could deliver malicious code that would be executed… |
| CVE-2022-23717 | Ping Identity | — | 0.00 | — | 0.00 | — | Jun 30, 2022 | PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. |
| CVE-2021-41995 | Ping Identity | — | 0.00 | — | 0.01 | — | Jun 30, 2022 | A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. |
| CVE-2022-23724 | Ping Identity | — | 0.00 | — | 0.00 | — | May 4, 2022 | Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, an attacker must have compromised user credentials. |
| CVE-2022-23723 | Ping Identity | — | 0.00 | — | 0.01 | — | May 2, 2022 | An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. |
| CVE-2022-23722 | Ping Identity | — | 0.00 | — | 0.01 | — | May 2, 2022 | When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user's password. |
| CVE-2021-42001 | Ping Identity | — | 0.00 | — | 0.00 | — | Apr 30, 2022 | PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. |
| CVE-2021-41994 | Ping Identity | — | 0.00 | — | 0.00 | — | Apr 30, 2022 | A misconfiguration of RSA in the PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. |
| CVE-2021-41993 | Ping Identity | — | 0.00 | — | 0.00 | — | Apr 30, 2022 | A misconfiguration of RSA in the PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. |
| CVE-2021-41992 | Ping Identity | — | 0.00 | — | 0.00 | — | Apr 30, 2022 | A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. |
| CVE-2021-42000 | Ping Identity | — | 0.00 | — | 0.01 | — | Feb 10, 2022 | When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing user's password. |
| CVE-2021-41770 | Ping Identity | — | 0.00 | — | 0.01 | — | Oct 7, 2021 | Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. |
| CVE-2021-40329 | Ping Identity | — | 0.00 | — | 0.01 | — | Sep 27, 2021 | The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. |
| CVE-2021-31923 | Ping Identity | — | 0.00 | — | 0.01 | — | Sep 24, 2021 | Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. |
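The mod_auth_openidc entry (CVE-2017-6062) is a header-trust problem that recurs in any proxy-fronted identity setup: the proxy tells the application who the user is via request headers, so the proxy must strip any copy of those headers that arrives from the client, on every request, including the anonymous ones it lets through in "pass" mode. The model below is an added example, not mod_auth_openidc's or Ping Identity's code; the `OIDC_CLAIM_` prefix, the `X-Remote-User` authn header and the sample request and session are assumptions for the demonstration.

```python
"""
Added example: header-trust boundary between an OIDC-authenticating reverse
proxy and the application behind it. Not mod_auth_openidc's or Ping Identity's
code; header names and sample data are constructed for the demonstration.
"""
from typing import Dict, Optional

CLAIM_PREFIX = "oidc_claim_"     # proxy-injected claim headers, e.g. OIDC_CLAIM_email
AUTHN_HEADER = "x-remote-user"   # assumed value of the proxy's "authn header" setting


def _lower_keys(headers: Dict[str, str]) -> Dict[str, str]:
    """HTTP header names are case-insensitive; compare and forward on a normalised key."""
    return {k.lower(): v for k, v in headers.items()}


def proxy_forward_vulnerable(client_headers: Dict[str, str],
                             session: Optional[Dict[str, str]]) -> Dict[str, str]:
    """'pass' mode, pre-fix behaviour: anonymous requests are forwarded with the
    client's headers untouched. Identity headers are only written when a session
    exists, so a client-supplied OIDC_CLAIM_* or authn header survives on anonymous
    requests and reaches the application."""
    out = _lower_keys(client_headers)
    if session:
        for claim, value in session.items():
            out[CLAIM_PREFIX + claim] = value
        out[AUTHN_HEADER] = session["sub"]
    return out


def is_proxy_owned(name: str) -> bool:
    """Header names that only the proxy may set on the backend-bound request."""
    n = name.lower()
    return n.startswith(CLAIM_PREFIX) or n == AUTHN_HEADER


def proxy_forward_fixed(client_headers: Dict[str, str],
                        session: Optional[Dict[str, str]]) -> Dict[str, str]:
    """Fixed behaviour: drop every proxy-owned header from the client request first,
    whether or not a session exists, then add the proxy's own values."""
    out = {k: v for k, v in _lower_keys(client_headers).items() if not is_proxy_owned(k)}
    if session:
        for claim, value in session.items():
            out[CLAIM_PREFIX + claim] = value
        out[AUTHN_HEADER] = session["sub"]
    return out


def backend_identity(headers: Dict[str, str]) -> Optional[str]:
    """The application behind the proxy trusts the authn header unconditionally,
    which is exactly why the proxy has to own it."""
    return headers.get(AUTHN_HEADER)


# Constructed anonymous request carrying forged identity headers.
FORGED_REQUEST = {
    "Host": "app.example.test",
    "X-Remote-User": "admin",
    "OIDC_CLAIM_email": "admin@example.test",
}
ALICE_SESSION = {"sub": "alice", "email": "alice@example.test"}


def demo() -> Dict[str, Optional[str]]:
    """Identity the backend sees in each scenario."""
    fixed_authn = proxy_forward_fixed(FORGED_REQUEST, ALICE_SESSION)
    return {
        "vulnerable_anonymous": backend_identity(proxy_forward_vulnerable(FORGED_REQUEST, None)),
        "fixed_anonymous": backend_identity(proxy_forward_fixed(FORGED_REQUEST, None)),
        "fixed_authenticated": backend_identity(fixed_authn),
        "fixed_authenticated_email": fixed_authn[CLAIM_PREFIX + "email"],
    }


if __name__ == "__main__":
    for scenario, who in demo().items():
        print(f"{scenario}: {who}")
```

Note that the authenticated path was never the problem: once a session exists the proxy overwrites the forged values. The bypass lives entirely in the anonymous pass-through, which is why the check has to run before the "is there a session?" branch rather than inside it.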
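Two of the entries above are path-matching failures on the enforcement side: CVE-2024-23983 (canonical URL-encoding not handled before request rules are applied) and CVE-2025-20059 (relative path traversal in a policy agent). Both reduce to the same rule: decode and normalise the request target before comparing it with a rule, and reject anything that cannot be normalised safely. The code below is an added example, not PingAccess's or PingAM's code; the `/admin/` prefix rule and the sample request targets are constructed for the demonstration.

```python
"""
Added example: canonicalise a request path before matching it against access
rules, so percent-encoding, double encoding, duplicate slashes and dot segments
cannot slip past a prefix rule. Not Ping Identity code; the rule and inputs are
constructed.
"""
import posixpath
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3               # bound on nested %25 layers before rejecting
PROTECTED_PREFIXES = ("/admin/",)   # assumed rule: everything under /admin/ needs an admin session


def canonicalize_path(raw_target: str) -> str:
    """Return the decoded, dot-segment-free, single-slash form of a request target.

    Raises ValueError for inputs that cannot be canonicalised safely (NUL byte,
    too many encoding layers); a rule engine should reject those rather than
    guess. Decoding %2F here turns it into a segment separator, so the backend
    must interpret the path the same way or the two will disagree.
    """
    path = raw_target.split("?", 1)[0]
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("too many percent-encoding layers")
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    path = re.sub(r"/+", "/", path)      # posixpath.normpath would keep a leading "//"
    if not path.startswith("/"):
        path = "/" + path
    return posixpath.normpath(path)      # resolves "." and ".." without going above "/"


def is_protected_naive(raw_target: str) -> bool:
    """Pre-fix style rule: compares the raw request target against the prefix."""
    return any(raw_target.startswith(p) for p in PROTECTED_PREFIXES)


def is_protected(raw_target: str) -> bool:
    """Rule applied to the canonical form; unparseable targets count as protected."""
    try:
        canonical = canonicalize_path(raw_target)
    except ValueError:
        return True
    return any(canonical == p.rstrip("/") or canonical.startswith(p)
               for p in PROTECTED_PREFIXES)


# Constructed request targets that all reach /admin/users on a typical backend.
BYPASS_ATTEMPTS = [
    "/%61dmin/users",            # single encoding of one letter
    "/%2561dmin/users",          # double encoding
    "/public/../admin/users",    # relative path traversal
    "//admin/users",             # duplicate slash
    "/admin%2Fusers",            # encoded separator
    "/admin/./users?x=1",        # dot segment plus query string
]


def compare_rules():
    """Return {target: (naive_verdict, canonical_verdict)} for the constructed inputs."""
    return {t: (is_protected_naive(t), is_protected(t)) for t in BYPASS_ATTEMPTS}


if __name__ == "__main__":
    for target, (naive, canonical) in compare_rules().items():
        print(f"{target:28s} naive={naive!s:5s} canonical={canonical}")
```

Only the last input is caught by the naive prefix comparison; the canonical form catches all six. The important operational caveat is the one in the docstring: the enforcement point and the application must decode the same way, otherwise a target the rule engine treats as harmless is still a different path to the backend.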
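Five entries in the list (CVE-2022-40722, CVE-2021-41992, CVE-2021-41993, CVE-2021-41994, CVE-2021-41995) describe the same cryptographic mistake: RSA applied to a short offline one-time code without proper randomised padding, so an attacker holding only the public key can precompute the ciphertext of every possible code and look a captured value up. The block below is an added example, not PingID's code, showing why deterministic encryption of a low-entropy message fails and why randomised padding defeats the table. Toy parameters (primes just above 10^6, a 4-digit code space, a 24-bit salt) are assumptions chosen so it runs in well under a second; the salt is a stand-in for a real scheme such as RSAES-OAEP, not a recommendation.

```python
"""
Added example: pre-computed dictionary attack on deterministic RSA encryption
of a short one-time code, and the effect of randomised padding. Not PingID code;
all parameters are toy values chosen for speed and reproducibility.
"""
import math
import random
from typing import Dict, Optional, Tuple

E = 65_537
OTP_DIGITS = 4        # a 6-digit code space is only 100x more work for the attacker
OTP_BITS = 14         # 2**14 > 10**4: room for the code below the salt
SALT_BITS = 24        # toy; a real padding scheme uses far more randomness


def _next_prime(start: int) -> int:
    """Smallest prime >= start, by trial division (fine for ~10**6)."""
    x = max(start, 2)
    while any(x % p == 0 for p in range(2, int(x ** 0.5) + 1)):
        x += 1
    return x


def keygen() -> Tuple[int, int, int]:
    """Textbook RSA key (n, e, d) from two fixed small primes, derived at runtime
    so there is no dependence on remembered constants."""
    p = _next_prime(1_000_000)
    q = _next_prime(p + 1)
    while math.gcd(E, (p - 1) * (q - 1)) != 1:
        q = _next_prime(q + 1)
    n, phi = p * q, (p - 1) * (q - 1)
    return n, E, pow(E, -1, phi)      # modular inverse, Python 3.8+


def encrypt_deterministic(otp: int, n: int, e: int) -> int:
    """No padding: the same code always yields the same ciphertext."""
    return pow(otp, e, n)


def build_dictionary(n: int, e: int) -> Dict[int, int]:
    """Attacker precomputation, ciphertext -> code, over the whole code space.
    Needs only the public key, so it is done once, offline, before any capture."""
    return {encrypt_deterministic(x, n, e): x for x in range(10 ** OTP_DIGITS)}


def recover_otp(ciphertext: int, table: Dict[int, int]) -> Optional[int]:
    """One dictionary lookup per captured ciphertext."""
    return table.get(ciphertext)


def encrypt_randomized(otp: int, n: int, e: int, rng: random.Random) -> int:
    """Prepend a fresh random salt so equal codes encrypt differently.
    Stand-in for a real padding scheme; SALT_BITS here is far too small to be safe."""
    if not 0 <= otp < 10 ** OTP_DIGITS:
        raise ValueError("code out of range")
    salt = rng.randrange(1, 1 << SALT_BITS)     # never zero, so the message differs from otp
    m = (salt << OTP_BITS) | otp
    assert m < n                                # RSA requires the message to be below n
    return pow(m, e, n)


def decrypt_randomized(ciphertext: int, n: int, d: int) -> int:
    """Strip the salt after decryption and validate the code range."""
    m = pow(ciphertext, d, n)
    otp = m & ((1 << OTP_BITS) - 1)
    if otp >= 10 ** OTP_DIGITS:
        raise ValueError("decryption did not yield a valid code")
    return otp


def demo(otp: int = 4271) -> Tuple[Optional[int], Optional[int], int]:
    """(code recovered from the deterministic ciphertext via the table,
        result of the same lookup on the randomised ciphertext,
        code the legitimate holder of d recovers from the randomised ciphertext)."""
    n, e, d = keygen()
    table = build_dictionary(n, e)
    c_det = encrypt_deterministic(otp, n, e)
    c_rnd = encrypt_randomized(otp, n, e, random.Random(7))
    return recover_otp(c_det, table), recover_otp(c_rnd, table), decrypt_randomized(c_rnd, n, d)


if __name__ == "__main__":
    print(demo())
```

The table costs one public-key operation per candidate code and nothing per victim, which is what makes the attack practical against any fixed-format secret: the key size is irrelevant because the attacker never needs the private key. The randomised variant breaks the lookup because RSA is a permutation on the message space, so a salted message can never collide with an unsalted one; a production implementation should get that property from a standard padding mode rather than from a hand-rolled salt.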
Page 1 of 2