Vulnerabilities > Pingidentity
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-25 | CVE-2022-40724 | Cross-Site Request Forgery (CSRF) vulnerability in Pingidentity Pingfederate 10.3.0/10.3.4/11.0.0 The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. | 8.8 |
| 2023-04-25 | CVE-2022-40725 | Missing Authentication for Critical Function vulnerability in Pingidentity Desktop PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated. | 6.1 |
| 2023-04-10 | CVE-2018-25084 | Cross-site Scripting vulnerability in Pingidentity Self-Service Account Manager 1.1.2 A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. | 6.1 |
| 2022-09-30 | CVE-2022-23726 | Incorrect Permission Assignment for Critical Resource vulnerability in Pingidentity Pingcentral PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. | 4.9 |
| 2022-06-30 | CVE-2021-41995 | Improper Authentication vulnerability in Pingidentity Pingid Integration for mac Login A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | 5.0 |
| 2022-06-30 | CVE-2022-23717 | Improper Resource Shutdown or Release vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. | 4.9 |
| 2022-06-30 | CVE-2022-23718 | Unspecified vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. | 9.3 |
| 2022-06-30 | CVE-2022-23719 | Missing Authentication for Critical Function vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. | 6.4 |
| 2022-06-30 | CVE-2022-23720 | Improper Privilege Management vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. | 4.4 |
| 2022-06-30 | CVE-2022-23725 | Incorrect Permission Assignment for Critical Resource vulnerability in Pingidentity Pingid Integration for Windows Login PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. | 5.5 |