Vulnerabilities > Pingidentity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-25 | CVE-2022-40722 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Pingidentity products A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA. | 5.8 |
| 2023-04-25 | CVE-2022-40723 | Improper Authentication vulnerability in Pingidentity Pingfederate, Pingid Integration KIT and Radius PCV The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. | 6.5 |
| 2023-04-25 | CVE-2022-40724 | Cross-Site Request Forgery (CSRF) vulnerability in Pingidentity Pingfederate 10.3.0/10.3.4/11.0.0 The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. | 8.8 |
| 2023-04-25 | CVE-2022-40725 | Missing Authentication for Critical Function vulnerability in Pingidentity Desktop PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated. | 6.1 |
| 2023-04-10 | CVE-2018-25084 | Cross-site Scripting vulnerability in Pingidentity Self-Service Account Manager 1.1.2 A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. | 6.1 |
| 2022-09-30 | CVE-2022-23726 | Incorrect Permission Assignment for Critical Resource vulnerability in Pingidentity Pingcentral PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. | 4.9 |
| 2022-06-30 | CVE-2021-41995 | Improper Authentication vulnerability in Pingidentity Pingid Integration for mac Login A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | 5.0 |
| 2022-06-30 | CVE-2022-23717 | Improper Resource Shutdown or Release vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. | 4.9 |
| 2022-06-30 | CVE-2022-23718 | Unspecified vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. | 9.3 |
| 2022-06-30 | CVE-2022-23719 | Missing Authentication for Critical Function vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. | 6.4 |