CVE-2021-41770 - XXE vulnerability in Pingidentity Pingfederate
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://docs.pingidentity.com/bundle/pingfederate-103/page/ruz1628492711606.html
- https://www.pingidentity.com/en/resources/downloads/pingfederate.html