Vulnerabilities > Pingidentity > Pingfederate > 11.0.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-22377 | Path Traversal vulnerability in Pingidentity Pingfederate The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. | 5.3 |
| 2024-07-09 | CVE-2024-22477 | Cross-site Scripting vulnerability in Pingidentity Pingfederate A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. | 4.3 |
| 2023-10-25 | CVE-2023-34085 | Unspecified vulnerability in Pingidentity Pingfederate When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request | 4.3 |
| 2023-04-25 | CVE-2022-40724 | Cross-Site Request Forgery (CSRF) vulnerability in Pingidentity Pingfederate The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. | 8.8 |