Vulnerabilities > Pingidentity

DATE CVE VULNERABILITY TITLE RISK
2023-04-25 CVE-2022-40722 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Pingidentity products
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.
network
high complexity
pingidentity CWE-327
5.8
2023-04-25 CVE-2022-40723 Improper Authentication vulnerability in Pingidentity Pingfederate, Pingid Integration KIT and Radius PCV
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
network
low complexity
pingidentity CWE-287
6.5
2023-04-25 CVE-2022-40724 Cross-Site Request Forgery (CSRF) vulnerability in Pingidentity Pingfederate
The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests.
network
low complexity
pingidentity CWE-352
8.8
2023-04-25 CVE-2022-40725 Missing Authentication for Critical Function vulnerability in Pingidentity Desktop
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.
local
low complexity
pingidentity CWE-306
6.1
2023-04-10 CVE-2018-25084 Cross-site Scripting vulnerability in Pingidentity Self-Service Account Manager 1.1.2
A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2.
network
low complexity
pingidentity CWE-79
6.1
2022-09-30 CVE-2022-23726 Incorrect Permission Assignment for Critical Resource vulnerability in Pingidentity Pingcentral
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information.
network
low complexity
pingidentity CWE-732
4.9
2022-06-30 CVE-2021-41995 Improper Authentication vulnerability in Pingidentity Pingid Integration for mac Login
A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass.
network
low complexity
pingidentity CWE-287
7.5
2022-06-30 CVE-2022-23717 Improper Resource Shutdown or Release vulnerability in Pingidentity Pingid Integration for Windows Login
PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication.
local
low complexity
pingidentity CWE-404
5.5
2022-06-30 CVE-2022-23718 Unspecified vulnerability in Pingidentity Pingid Integration for Windows Login
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution.
network
high complexity
pingidentity
8.1
2022-06-30 CVE-2022-23719 Missing Authentication for Critical Function vulnerability in Pingidentity Pingid Integration for Windows Login
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests.
local
high complexity
pingidentity CWE-306
6.4