Vulnerabilities > Pingidentity > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-30 | CVE-2022-23717 | Improper Resource Shutdown or Release vulnerability in Pingidentity Pingid Integration for Windows Login. PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. | 4.9 |
2022-06-30 | CVE-2022-23719 | Missing Authentication for Critical Function vulnerability in Pingidentity Pingid Integration for Windows Login. PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. | 6.4 |
2022-06-30 | CVE-2022-23720 | Improper Privilege Management vulnerability in Pingidentity Pingid Integration for Windows Login. PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. | 4.4 |
2022-06-30 | CVE-2022-23725 | Incorrect Permission Assignment for Critical Resource vulnerability in Pingidentity Pingid Integration for Windows Login. PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. | 5.5 |
2022-05-02 | CVE-2022-23722 | Improper Authentication vulnerability in Pingidentity Pingfederate. When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password. | 6.5 |
2022-05-02 | CVE-2022-23723 | Improper Authentication vulnerability in Pingidentity Pingone MFA Integration KIT. An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. | 5.0 |
2021-09-24 | CVE-2021-31923 | HTTP Request Smuggling vulnerability in Pingidentity Pingaccess. Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. | 5.3 |
2019-07-11 | CVE-2019-13564 | Cross-site Scripting vulnerability in Pingidentity Agentless Integration KIT. XSS exists in Ping Identity Agentless Integration Kit before 1.5. | 6.1 |
2014-12-12 | CVE-2014-8489 | Remote Security vulnerability in Pingidentity Pingfederate 6.10.1. Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter. | 6.4 |