Vulnerabilities > Pingidentity > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-01 | CVE-2023-36496 | Unspecified vulnerability in Pingidentity Pingdirectory. Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server. | 8.8 |
2023-10-25 | CVE-2023-39219 | Resource Exhaustion vulnerability in Pingidentity Pingfederate. PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests. | 7.5 |
2023-04-25 | CVE-2022-40724 | Cross-Site Request Forgery (CSRF) vulnerability in Pingidentity Pingfederate. The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. | 8.8 |
2022-06-30 | CVE-2021-41995 | Improper Authentication vulnerability in Pingidentity Pingid Integration for mac Login. A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | 7.5 |
2022-06-30 | CVE-2022-23718 | Unspecified vulnerability in Pingidentity Pingid Integration for Windows Login. PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. | 8.1 |
2022-06-30 | CVE-2022-23720 | Improper Privilege Management vulnerability in Pingidentity Pingid Integration for Windows Login. PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. | 8.2 |
2022-05-04 | CVE-2022-23724 | Use of Hard-coded Credentials vulnerability in Pingidentity Pingid Integration for Windows Login. Use of static encryption key material allows forging an authentication token to other users within a tenant organization. | 8.1 |
2022-05-02 | CVE-2022-23723 | Improper Authentication vulnerability in Pingidentity Pingone MFA Integration KIT. An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. | 7.7 |
2021-10-07 | CVE-2021-41770 | XXE vulnerability in Pingidentity Pingfederate. Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. | 7.5 |
2021-08-18 | CVE-2021-39270 | Origin Validation Error vulnerability in Pingidentity RSA Securid Integration KIT. In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur. | 7.5 |