Vulnerabilities > Pingidentity > Pingfederate > 10.3.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-34085 | Unspecified vulnerability in Pingidentity Pingfederate When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request | 4.3 |
| 2023-10-25 | CVE-2023-37283 | Improper Authentication vulnerability in Pingidentity Pingfederate Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter | 9.8 |
| 2023-10-25 | CVE-2023-39219 | Resource Exhaustion vulnerability in Pingidentity Pingfederate PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests | 7.5 |
| 2023-04-25 | CVE-2022-40724 | Cross-Site Request Forgery (CSRF) vulnerability in Pingidentity Pingfederate 10.3.0/10.3.4/11.0.0 The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. | 8.8 |