Vulnerabilities > Pingidentity

DATE CVE VULNERABILITY TITLE RISK
2022-05-02 CVE-2022-23722 Improper Authentication vulnerability in Pingidentity Pingfederate
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password.
3.5
2022-05-02 CVE-2022-23723 Improper Authentication vulnerability in Pingidentity Pingone MFA Integration KIT
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.
network
low complexity
pingidentity CWE-287
7.5
2022-04-30 CVE-2021-41992 Improper Authentication vulnerability in Pingidentity Pingid Integration for Windows Login
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
network
low complexity
pingidentity CWE-287
5.0
2022-04-30 CVE-2021-41993 Use of Insufficiently Random Values vulnerability in Pingidentity Pingid and Pingid Windows Login
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
1.9
2022-04-30 CVE-2021-41994 Use of Insufficiently Random Values vulnerability in Pingidentity Pingid and Pingid Windows Login
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
1.9
2022-04-30 CVE-2021-42001 Exposure of Resource to Wrong Sphere vulnerability in Pingidentity Pingid Desktop
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure.
network
low complexity
pingidentity CWE-668
5.0
2022-02-10 CVE-2021-42000 Incorrect Authorization vulnerability in Pingidentity Pingfederate 6.10.1/9.3.3
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password.
3.5
2021-10-07 CVE-2021-41770 XXE vulnerability in Pingidentity Pingfederate 6.10.1
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.
network
low complexity
pingidentity CWE-611
5.0
2021-09-27 CVE-2021-40329 Unspecified vulnerability in Pingidentity Pingfederate 6.10.1
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.
network
low complexity
pingidentity
7.5
2021-09-24 CVE-2021-31923 HTTP Request Smuggling vulnerability in Pingidentity Pingaccess
Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.
network
low complexity
pingidentity CWE-444
5.0