) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Keyword (text search): cpe:2.3:a:pingidentity:pingfederate:9.3.3:-:*:*:*:*:*:*
- CPE Name Search: true
There are 4 matching records.
Displaying matches 1 through 4.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-34085 |
When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request Published: October 25, 2023; 2:17:28 PM -0400 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
| CVE-2021-42000 |
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password. Published: February 10, 2022; 6:15:07 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 3.5 LOW |
| CVE-2021-41770 |
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure. Published: October 07, 2021; 3:15:10 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2021-40329 |
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management. Published: September 27, 2021; 1:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |