Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    98 vulnerabilities by Ping Identity

    CVE-2026-20746 (GCVE-0-2026-20746)

    Vulnerability from nvd – Published: 2026-06-12 02:16 – Updated: 2026-06-12 13:30
    VLAI
    Title
    PingDirectory copying of virtual attributes leads to memory exhaustion
    Summary
    Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing release of memory after effective lifetime
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingDirectory Affected: 9.3.0.0 , ≤ 9.3.0.8 (custom)
    Unknown: 10.1.0.0 , ≤ 10.1.0.5 (custom)
    Affected: 10.2.0.0 , ≤ 10.2.0.5 (custom)
    Affected: 10.3.0.0 , ≤ 10.3.0.3 (custom)
    Affected: 11.0.0.0 , < 11.0.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T13:30:44.116370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T13:30:51.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PingDirectory",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "9.3.0.8",
                  "status": "affected",
                  "version": "9.3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.1.0.5",
                  "status": "unknown",
                  "version": "10.1.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.2.0.5",
                  "status": "affected",
                  "version": "10.2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.3.0.3",
                  "status": "affected",
                  "version": "10.3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0.1",
                  "status": "affected",
                  "version": "11.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when\u0026nbsp;recent login history is enabled and copying virtual attributes that reference ds-privilege-name values."
                }
              ],
              "value": "Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when\u00a0recent login history is enabled and copying virtual attributes that reference ds-privilege-name values."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Missing release of memory after effective lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T02:16:59.690Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026"
            },
            {
              "url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"
            },
            {
              "url": "https://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributes"
            }
          ],
          "source": {
            "advisory": "SECADV052",
            "defect": [
              "DS-51122"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "PingDirectory copying of virtual attributes leads to memory exhaustion",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2026-20746",
        "datePublished": "2026-06-12T02:16:59.690Z",
        "dateReserved": "2026-01-07T15:15:23.456Z",
        "dateUpdated": "2026-06-12T13:30:51.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20628 (GCVE-0-2025-20628)

    Vulnerability from nvd – Published: 2026-04-07 22:33 – Updated: 2026-04-08 15:16
    VLAI
    Title
    Insufficient granularity of access control for Remote Connector Servers in client mode
    Summary
    An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity’s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingIDM Affected: 7.5.0 (custom)
    Affected: 7.4.0 , ≤ 7.4.1 (custom)
    Affected: 7.3.0 , ≤ 7.3.1 (custom)
    Affected: 7.2.0 , ≤ 7.2.2 (custom)
    Affected: 0 , ≤ 7.1.* (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20628",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T15:16:23.302687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T15:16:29.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PingIDM",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.3.1",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.2.2",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.1.*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "At least one RCS configured in client mode in PingIDM\u003cbr\u003e"
                }
              ],
              "value": "At least one RCS configured in client mode in PingIDM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity\u2019s security-relevant properties, such as passwords and account recovery information. This issue is exploitable \u003cb\u003eonly\u003c/b\u003e when an RCS is configured to run in client mode."
                }
              ],
              "value": "An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity\u2019s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/S:P/AU:Y/R:U/V:C/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "CWE-1220 Insufficient Granularity of Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T22:33:05.356Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://backstage.forgerock.com/knowledge/advisories/article/a14305629?rev=_newest"
            },
            {
              "url": "https://backstage.pingidentity.com/downloads/browse/idm/featured"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBoth of the following steps are required to mitigate the issue:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpgrade to one of the fixed versions listed previously.\u003c/li\u003e\u003cli\u003eSecure the \u003ci\u003e/openicf\u003c/i\u003e\u0026nbsp;endpoint using the new access and authentication configuration options (refer to\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.pingidentity.com/pingoneaic/latest/product-information/migration-dependent-features.html#current_migration_dependent_features\"\u003e\u0026nbsp;\u003cu\u003emigration dependent features\u003c/u\u003e\u0026nbsp;\u003c/a\u003efor more details).\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Both of the following steps are required to mitigate the issue:\n\n  *  Upgrade to one of the fixed versions listed previously.\n  *  Secure the /openicf\u00a0endpoint using the new access and authentication configuration options (refer to \u00a0migration dependent features\u00a0 https://docs.pingidentity.com/pingoneaic/latest/product-information/migration-dependent-features.html#current_migration_dependent_features for more details)."
            }
          ],
          "source": {
            "advisory": "202601",
            "defect": [
              "OPENIDM-20023"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Insufficient granularity of access control for Remote Connector Servers in client mode",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Configure a reverse proxy (such as PingGateway) to enforce IP and certificate-based rules to the \u003ci\u003e/openicf\u003c/i\u003e\u0026nbsp;endpoint.\u003cbr\u003e"
                }
              ],
              "value": "Configure a reverse proxy (such as PingGateway) to enforce IP and certificate-based rules to the /openicf\u00a0endpoint."
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Configure all RCS instances to run in server mode.\u003cbr\u003e"
                }
              ],
              "value": "Configure all RCS instances to run in server mode."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2025-20628",
        "datePublished": "2026-04-07T22:33:05.356Z",
        "dateReserved": "2025-01-13T16:41:43.939Z",
        "dateUpdated": "2026-04-08T15:16:29.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27935 (GCVE-0-2025-27935)

    Vulnerability from nvd – Published: 2025-12-04 20:38 – Updated: 2025-12-05 17:33
    VLAI
    Title
    Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit
    Summary
    The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity One-Time Passcode Integration Kit for PingFederate Affected: 1.0 , ≤ 1.1 (custom)
    Unaffected: 1.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-05T17:30:21.689498Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-05T17:33:20.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "One-Time Passcode Integration Kit for PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "1.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-04T20:38:31.922Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://support.pingidentity.com/s/article/SECADV051-PingFederate-OTP-Integration-Kit-authentication-bypass"
            },
            {
              "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
            }
          ],
          "source": {
            "advisory": "SECADV051",
            "defect": [
              "IK-3752"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2025-27935",
        "datePublished": "2025-12-04T20:38:31.922Z",
        "dateReserved": "2025-04-16T01:21:55.178Z",
        "dateUpdated": "2025-12-05T17:33:20.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-26862 (GCVE-0-2025-26862)

    Vulnerability from nvd – Published: 2025-10-27 14:39 – Updated: 2025-10-27 14:48
    VLAI
    Title
    PingFederate unexpected browser flow initiation in redirectless mode
    Summary
    Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 11.3.0 , < 11.3.14 (custom)
    Affected: 12.0.0 , < 12.0.10 (custom)
    Affected: 12.1.0 , < 12.1.9 (custom)
    Affected: 12.2.0 , < 12.2.6 (custom)
    Affected: 12.3.0 , < 12.3.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T14:48:01.060548Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T14:48:11.544Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HTML Form Adapter"
              ],
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThan": "11.3.14",
                  "status": "affected",
                  "version": "11.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.0.10",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.1.9",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.2.6",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.3.3",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ping_identity:pingfederate:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.3.14",
                      "versionStartIncluding": "11.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ping_identity:pingfederate:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.0.10",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ping_identity:pingfederate:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.9",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ping_identity:pingfederate:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.2.6",
                      "versionStartIncluding": "12.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ping_identity:pingfederate:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.3.3",
                      "versionStartIncluding": "12.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks."
                }
              ],
              "value": "Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            },
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "PRESENT",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 0,
                "baseSeverity": "NONE",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T14:39:41.284Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://support.pingidentity.com/s/article/PingFederate-unexpected-template-rendering-in-redirectless-mode"
            },
            {
              "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PingFederate unexpected browser flow initiation in redirectless mode",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2025-26862",
        "datePublished": "2025-10-27T14:39:41.284Z",
        "dateReserved": "2025-04-16T01:21:55.185Z",
        "dateUpdated": "2025-10-27T14:48:11.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25573 (GCVE-0-2024-25573)

    Vulnerability from nvd – Published: 2025-06-15 15:25 – Updated: 2025-06-16 18:05
    VLAI
    Title
    Stored Cross-Site Scripting in Administrative Console Context
    Summary
    Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 12.1.0 , ≤ 12.1.4 (custom)
    Affected: 12.0.0 , ≤ 12.0.6 (custom)
    Affected: 11.3.0 , ≤ 11.3.9 (custom)
    Affected: 11.2.0 , ≤ 11.2.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T18:05:33.459980Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T18:05:43.793Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.0.6",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.3.9",
                  "status": "affected",
                  "version": "11.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.2.10",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eUnsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/S:P/AU:N/R:U/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-15T15:25:38.540Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.pingidentity.com/pingfederate/12.1/release_notes/pf_release_notes.html"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
            }
          ],
          "source": {
            "advisory": "SECADV048",
            "defect": [
              "PF-36304",
              "PF-36311",
              "PF-36313"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-Site Scripting in Administrative Console Context",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-25573",
        "datePublished": "2025-06-15T15:25:38.540Z",
        "dateReserved": "2024-02-29T23:52:30.507Z",
        "dateUpdated": "2025-06-16T18:05:43.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22854 (GCVE-0-2025-22854)

    Vulnerability from nvd – Published: 2025-06-15 15:00 – Updated: 2025-06-16 18:07
    VLAI
    Title
    Possible thread exhaustion from processing http responses in PingFederate Google Adapter
    Summary
    Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-394 - Unexpected Status Code or Return Value
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 1.0.1 , < 1.5.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22854",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T18:07:24.657856Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T18:07:39.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Google Adapter",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThan": "1.5.2",
                  "status": "affected",
                  "version": "1.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper handling of non-200 http responses in\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;the PingFederate Google Adapter\u003c/span\u003e\u0026nbsp;leads to thread exhaustion under normal usage conditions."
                }
              ],
              "value": "Improper handling of non-200 http responses in\u00a0the PingFederate Google Adapter\u00a0leads to thread exhaustion under normal usage conditions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            },
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/S:P/AU:Y/R:A/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-394",
                  "description": "CWE-394 Unexpected Status Code or Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-15T15:00:06.010Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.pingidentity.com/integrations/google/google_login_integration_kit/pf_google_cic_changelog.html"
            }
          ],
          "source": {
            "advisory": "SECADV048",
            "defect": [
              "IK-3678"
            ],
            "discovery": "USER"
          },
          "title": "Possible thread exhaustion from processing http responses in PingFederate Google Adapter",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2025-22854",
        "datePublished": "2025-06-15T15:00:06.010Z",
        "dateReserved": "2025-01-13T16:41:43.959Z",
        "dateUpdated": "2025-06-16T18:07:39.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-21085 (GCVE-0-2025-21085)

    Vulnerability from nvd – Published: 2025-06-15 14:25 – Updated: 2025-06-16 18:08
    VLAI
    Title
    PingFederate OAuth Grant attribute duplication may use excessive memory
    Summary
    PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-462 - Duplicate Key in Associative List
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 12.2.0 , < 12.2.4 (custom)
    Affected: 12.1.0 , < 12.1.9 (custom)
    Affected: 12.0 , < 12.0.9 (custom)
    Affected: 11.3.0 , < 11.3.13 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21085",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T18:08:12.829414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T18:08:20.514Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "PostgreSQL"
              ],
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThan": "12.2.4",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.1.9",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.0.9",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.3.13",
                  "status": "affected",
                  "version": "11.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization."
                }
              ],
              "value": "PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/S:P/AU:Y/R:A/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-462",
                  "description": "CWE-462 Duplicate Key in Associative List",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-15T14:25:39.067Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://support.pingidentity.com/s/article/PingFederate-grant-attribute-duplication-with-PostgreSQL"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "PingFederate OAuth Grant attribute duplication may use excessive memory",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Configuration options to mitigate:\u003cbr\u003e\u003cul\u003e\u003cli\u003eMinimum Interval to Roll Refresh Tokens\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRefresh Token Rolling Grace Period (Seconds)\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Configuration options to mitigate:\n  *  Minimum Interval to Roll Refresh Tokens\n  *  Refresh Token Rolling Grace Period (Seconds)"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2025-21085",
        "datePublished": "2025-06-15T14:25:39.067Z",
        "dateReserved": "2025-04-16T01:21:55.198Z",
        "dateUpdated": "2025-06-16T18:08:20.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20059 (GCVE-0-2025-20059)

    Vulnerability from nvd – Published: 2025-02-20 14:11 – Updated: 2025-02-20 14:27
    VLAI
    Title
    PingAM Java Policy Agent path traversal
    Summary
    Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingAM Java Policy Agent Affected: 0 , ≤ 5.10.3 (semver)
    Affected: 0 , ≤ 2023.11.1 (date)
    Affected: 0 , ≤ 2024.9 (date)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20059",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T14:25:41.533988Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-23",
                    "description": "CWE-23 Relative Path Traversal",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T14:27:23.298Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "PingAM Java Policy Agent",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "5.10.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2023.11.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "date"
                },
                {
                  "lessThanOrEqual": "2024.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "date"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.\u003cp\u003eThis issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9.\u003c/p\u003e"
                }
              ],
              "value": "Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-20T14:11:28.146Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://backstage.forgerock.com/knowledge/advisories/article/a61848355"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PingAM Java Policy Agent path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2025-20059",
        "datePublished": "2025-02-20T14:11:28.146Z",
        "dateReserved": "2025-01-13T16:41:43.965Z",
        "dateUpdated": "2025-02-20T14:27:23.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23983 (GCVE-0-2024-23983)

    Vulnerability from nvd – Published: 2024-11-11 22:56 – Updated: 2024-11-12 18:51
    VLAI
    Title
    Access rules for PingAccess may be circumvented with URL-encoded characters
    Summary
    Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-177 - Improper Handling of URL Encoding
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingAccess Affected: 8.1.0 , < 8.1.1 (custom)
    Affected: 8.0.0 , < 8.0.4 (custom)
    Affected: 7.3.0 , < 7.3.5 (custom)
    Affected: 7.2.0 , < 7.2.4 (custom)
    Affected: 7.1.0 , < 7.1.5 (custom)
    Affected: 7.0.0 , < 7.0.8 (custom)
    Affected: 6.0.0 , < 6.3.9 (custom)
    Create a notification for this product.
    pingidentity pingaccess Affected: 8.1.0 , < 8.1.1 (custom)
    Affected: 8.0.0 , < 8.0.4 (custom)
    Affected: 7.3.0 , < 7.3.5 (custom)
    Affected: 7.2.0 , < 7.2.4 (custom)
    Affected: 7.1.0 , < 7.1.5 (custom)
    Affected: 7.0.0 , < 7.0.8 (custom)
    Affected: 6.0.0 , < 6.3.9 (custom)
        cpe:2.3:a:pingidentity:pingaccess:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pingidentity:pingaccess:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pingaccess",
                "vendor": "pingidentity",
                "versions": [
                  {
                    "lessThan": "8.1.1",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.4",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.3.5",
                    "status": "affected",
                    "version": "7.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.2.4",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.1.5",
                    "status": "affected",
                    "version": "7.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.0.8",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "6.3.9",
                    "status": "affected",
                    "version": "6.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T18:49:35.472344Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T18:51:50.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Rules engine"
              ],
              "product": "PingAccess",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThan": "8.1.1",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0.4",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.5",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.1.5",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.9",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.\u003cbr\u003e"
                }
              ],
              "value": "Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/S:P/AU:Y/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-177",
                  "description": "CWE-177 Improper Handling of URL Encoding",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-11T22:56:58.036Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://docs.pingidentity.com/pingaccess/latest/release_notes/pa_811_rn.html"
            },
            {
              "url": "https://www.pingidentity.com/en/resources/downloads/pingaccess.html"
            }
          ],
          "source": {
            "defect": [
              "PA-15776"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Access rules for PingAccess may be circumvented with URL-encoded characters",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-23983",
        "datePublished": "2024-11-11T22:56:58.036Z",
        "dateReserved": "2024-02-29T23:52:30.472Z",
        "dateUpdated": "2024-11-12T18:51:50.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25566 (GCVE-0-2024-25566)

    Vulnerability from nvd – Published: 2024-10-29 15:34 – Updated: 2024-10-29 19:58
    VLAI
    Title
    Open Redirect in PingAM
    Summary
    An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingAM Affected: 7.5.0 (major release)
    Affected: 7.4.0 , ≤ 7.4.1 (maintenance release)
    Affected: 7.3.0 , ≤ 7.3.1 (maintenance release)
    Affected: 7.2.0 , ≤ 7.2.2 (maintenance release)
    Affected: 7.1.0 , ≤ 7.1.4 (maintenance release)
    Affected: 0 , ≤ 7.0.2 (maintenance release)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-29T19:58:14.725482Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T19:58:25.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "PingAM",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "major release"
                },
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "maintenance release"
                },
                {
                  "lessThanOrEqual": "7.3.1",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "maintenance release"
                },
                {
                  "lessThanOrEqual": "7.2.2",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "maintenance release"
                },
                {
                  "lessThanOrEqual": "7.1.4",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "maintenance release"
                },
                {
                  "lessThanOrEqual": "7.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maintenance release"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-98",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-98 Phishing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T15:34:53.358Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://backstage.forgerock.com/downloads/browse/am/featured"
            },
            {
              "url": "https://backstage.forgerock.com/knowledge/advisories/article/a63463303"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Open Redirect in PingAM",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-25566",
        "datePublished": "2024-10-29T15:34:53.358Z",
        "dateReserved": "2024-02-29T23:52:30.493Z",
        "dateUpdated": "2024-10-29T19:58:25.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23600 (GCVE-0-2024-23600)

    Vulnerability from nvd – Published: 2024-08-01 16:55 – Updated: 2024-10-31 19:02
    VLAI
    Title
    PingIDM Query Filter Vulnerability
    Summary
    Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingIDM Affected: 7.0.0 , ≤ 7.5.0 (custom)
    Create a notification for this product.
    Credits
    Ksandros Apostoli Miguel García Martín
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T14:27:41.190673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:28:33.022Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-31T19:02:23.103Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Oct/18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Query Filter"
              ],
              "product": "PingIDM",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "7.5.0",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ksandros Apostoli"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Miguel Garc\u00eda Mart\u00edn"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure."
                }
              ],
              "value": "Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            },
            {
              "capecId": "CAPEC-410",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-410 Information Elicitation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:36:41.204Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://backstage.forgerock.com/knowledge/kb/article/a95212747"
            },
            {
              "url": "https://backstage.forgerock.com/docs/idcloud/latest/release-notes/regular-channel-changelog.html#changed_functionality"
            }
          ],
          "source": {
            "advisory": "SA202402",
            "discovery": "EXTERNAL"
          },
          "title": "PingIDM Query Filter Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-23600",
        "datePublished": "2024-08-01T16:55:22.291Z",
        "dateReserved": "2024-02-29T23:52:30.512Z",
        "dateUpdated": "2024-10-31T19:02:23.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22477 (GCVE-0-2024-22477)

    Vulnerability from nvd – Published: 2024-07-09 23:01 – Updated: 2024-08-01 22:51
    VLAI
    Title
    PingFederate OIDC Policy Management Editor Cross-Site Scripting
    Summary
    A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 11.0.0 , ≤ 11.0.9 (custom)
    Affected: 11.1.0 , ≤ 11.1.9 (custom)
    Affected: 11.2.0 , ≤ 11.2.8 (custom)
    Affected: 11.3.0 , ≤ 11.3.4 (custom)
    Affected: 12.0.0 (custom)
    Affected: 10.3.0 , ≤ 10.3.13 (custom)
    Create a notification for this product.
    Date Public
    2024-07-09 22:27
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22477",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-10T13:29:31.833138Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-10T13:30:14.614Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:51:09.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
              "defaultStatus": "unaffected",
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.9",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.1.9",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.2.8",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.3.4",
                  "status": "affected",
                  "version": "11.3.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.3.13",
                  "status": "affected",
                  "version": "10.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "All instances of PingFederate on vulnerable versions are vulnerable to this issue.\u003cbr\u003e"
                }
              ],
              "value": "All instances of PingFederate on vulnerable versions are vulnerable to this issue."
            }
          ],
          "datePublic": "2024-07-09T22:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.\u003cbr\u003e"
                }
              ],
              "value": "A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T23:01:28.611Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PingFederate OIDC Policy Management Editor Cross-Site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-22477",
        "datePublished": "2024-07-09T23:01:28.611Z",
        "dateReserved": "2024-01-17T17:27:24.603Z",
        "dateUpdated": "2024-08-01T22:51:09.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22377 (GCVE-0-2024-22377)

    Vulnerability from nvd – Published: 2024-07-09 23:03 – Updated: 2024-08-01 22:43
    VLAI
    Title
    PingFederate Runtime Node Path Traversal
    Summary
    The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 11.0.0 , ≤ 11.0.9 (custom)
    Affected: 11.1.0 , ≤ 11.1.9 (custom)
    Affected: 11.2.0 , ≤ 11.2.8 (custom)
    Affected: 11.3.0 , ≤ 11.3.4 (custom)
    Affected: 12.0.0 (custom)
    Affected: 10.3.0 , ≤ 10.3.13 (custom)
    Create a notification for this product.
    pingidentity pingfederate Affected: 10.3.0 , ≤ 10.3.13 (custom)
    Affected: 11.0.0 , ≤ 11.0.9 (custom)
    Affected: 11.1.0 , ≤ 11.1.9 (custom)
    Affected: 11.2.0 , ≤ 11.2.8 (custom)
    Affected: 11.3.0 , ≤ 11.3.4 (custom)
        cpe:2.3:a:pingidentity:pingfederate:10.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:pingidentity:pingfederate:11.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:pingidentity:pingfederate:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:pingidentity:pingfederate:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:pingidentity:pingfederate:11.3.0:*:*:*:*:*:*:*
    Create a notification for this product.
    pingidentity pingfederate Affected: 12.0.0
        cpe:2.3:a:pingidentity:pingfederate:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-07-09 22:27
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pingidentity:pingfederate:10.3.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:pingidentity:pingfederate:11.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:pingidentity:pingfederate:11.1.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:pingidentity:pingfederate:11.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:pingidentity:pingfederate:11.3.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "pingfederate",
                "vendor": "pingidentity",
                "versions": [
                  {
                    "lessThanOrEqual": "10.3.13",
                    "status": "affected",
                    "version": "10.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "11.0.9",
                    "status": "affected",
                    "version": "11.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "11.1.9",
                    "status": "affected",
                    "version": "11.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "11.2.8",
                    "status": "affected",
                    "version": "11.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "11.3.4",
                    "status": "affected",
                    "version": "11.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:pingidentity:pingfederate:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "pingfederate",
                "vendor": "pingidentity",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.0.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-15T13:15:10.302158Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-23T16:13:24.203Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.512Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
              "defaultStatus": "unaffected",
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.9",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.1.9",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.2.8",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.3.4",
                  "status": "affected",
                  "version": "11.3.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.3.13",
                  "status": "affected",
                  "version": "10.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "All instances of PingFederate on vulnerable versions are vulnerable to this issue.\u003cbr\u003e"
                }
              ],
              "value": "All instances of PingFederate on vulnerable versions are vulnerable to this issue."
            }
          ],
          "datePublic": "2024-07-09T22:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.\u003cbr\u003e"
                }
              ],
              "value": "The deploy directory in PingFederate runtime nodes is reachable to unauthorized users."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T23:03:27.722Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PingFederate Runtime Node Path Traversal",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The deploy directory can be restricted by making changes to runtime jetty configuration.\u0026nbsp;\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "The deploy directory can be restricted by making changes to runtime jetty configuration."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-22377",
        "datePublished": "2024-07-09T23:03:27.722Z",
        "dateReserved": "2024-01-17T17:27:24.578Z",
        "dateUpdated": "2024-08-01T22:43:34.512Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21832 (GCVE-0-2024-21832)

    Vulnerability from nvd – Published: 2024-07-09 23:04 – Updated: 2024-08-01 22:27
    VLAI
    Title
    PingFederate REST API Data Store Injection
    Summary
    A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 11.0.0 , ≤ 11.0.9 (custom)
    Affected: 11.1.0 , ≤ 11.1.9 (custom)
    Affected: 11.2.0 , ≤ 11.2.8 (custom)
    Affected: 11.3.0 , ≤ 11.3.4 (custom)
    Affected: 12.0.0 (custom)
    Create a notification for this product.
    Date Public
    2024-07-09 22:27
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21832",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-10T14:02:13.851282Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-10T14:03:06.101Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:27:36.324Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
              "defaultStatus": "unaffected",
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.9",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.1.9",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.2.8",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.3.4",
                  "status": "affected",
                  "version": "11.3.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "PingFederate instances running on vulnerable versions with REST data stores using the POST method and a JSON request body may be vulnerable to this issue.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "PingFederate instances running on vulnerable versions with REST data stores using the POST method and a JSON request body may be vulnerable to this issue."
            }
          ],
          "datePublic": "2024-07-09T22:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.\u003cbr\u003e"
                }
              ],
              "value": "A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T23:04:55.088Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PingFederate REST API Data Store Injection",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "REST data stores using the POST method and a JSON request body should not be configured with variable references in the POST body.\u003cbr\u003e"
                }
              ],
              "value": "REST data stores using the POST method and a JSON request body should not be configured with variable references in the POST body."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-21832",
        "datePublished": "2024-07-09T23:04:55.088Z",
        "dateReserved": "2024-01-17T17:27:24.589Z",
        "dateUpdated": "2024-08-01T22:27:36.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40702 (GCVE-0-2023-40702)

    Vulnerability from nvd – Published: 2024-07-09 15:38 – Updated: 2024-08-02 18:38
    VLAI
    Title
    PingOne MFA Integration Kit MFA bypass
    Summary
    PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingOne MFA Integration Kit for PingFederate Affected: 0 , < 2.3.1 (custom)
    Create a notification for this product.
    pingidentity pingone_mfa_integration_kit Affected: 0 , < 2.3.1 (custom)
        cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-07-09 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pingone_mfa_integration_kit",
                "vendor": "pingidentity",
                "versions": [
                  {
                    "lessThan": "2.3.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40702",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T20:20:11.087770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T20:21:31.325Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:38:51.083Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
              "defaultStatus": "unaffected",
              "product": "PingOne MFA Integration Kit for PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThan": "2.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-07-09T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "PingOne MFA Integration Kit contains a vulnerability where the \u003ctt\u003eskipMFA\u003c/tt\u003e action can be configured such that user authentication does not require the second factor authentication from the user\u0027s existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user\u2019s first-factor credentials."
                }
              ],
              "value": "PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user\u0027s existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user\u2019s first-factor credentials."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T15:38:47.415Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "PingOne MFA Integration Kit MFA bypass",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Disable the Allow Users to Skip MFA Setup in your PingOne MFA adapter configuration.\u003cbr\u003e"
                }
              ],
              "value": "Disable the Allow Users to Skip MFA Setup in your PingOne MFA adapter configuration."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2023-40702",
        "datePublished": "2024-07-09T15:38:47.415Z",
        "dateReserved": "2023-08-25T16:59:38.691Z",
        "dateUpdated": "2024-08-02T18:38:51.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-40356 (GCVE-0-2023-40356)

    Vulnerability from nvd – Published: 2024-07-09 15:38 – Updated: 2024-08-02 18:31
    VLAI
    Title
    PingOne MFA Integration Kit MFA bypass
    Summary
    PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s existing registered devices. A threat actor might be able to exploit this vulnerability to register their own MFA device with a target user’s account if they have existing knowledge of the target user’s first factor credential.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingOne MFA Integration Kit for PingFederate Affected: 0 , < 2.3.1 (custom)
    Create a notification for this product.
    pingone pingone_mfa_intergration_kit_for_pingfederate Affected: 0 , < 2.3.1 (custom)
        cpe:2.3:a:pingone:pingone_mfa_intergration_kit_for_pingfederate:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-07-09 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pingone:pingone_mfa_intergration_kit_for_pingfederate:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pingone_mfa_intergration_kit_for_pingfederate",
                "vendor": "pingone",
                "versions": [
                  {
                    "lessThan": "2.3.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-40356",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T15:55:56.671068Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T16:01:04.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:31:53.903Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
              "defaultStatus": "unaffected",
              "product": "PingOne MFA Integration Kit for PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThan": "2.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-07-09T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "PingOne MFA Integration Kit contains a vulnerability related to the \u003ctt\u003ePrompt Users to Set Up MFA\u003c/tt\u003e configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target\u2019s existing registered devices. A threat actor might be able to exploit this vulnerability to register their own MFA device with a target user\u2019s account if they have existing knowledge of the target user\u2019s first factor credential.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target\u2019s existing registered devices. A threat actor might be able to exploit this vulnerability to register their own MFA device with a target user\u2019s account if they have existing knowledge of the target user\u2019s first factor credential."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T15:38:56.245Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "PingOne MFA Integration Kit MFA bypass",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Disable the Prompt Users to Set Up MFA option in your PingOne MFA adapter configuration.\u003cbr\u003e"
                }
              ],
              "value": "Disable the Prompt Users to Set Up MFA option in your PingOne MFA adapter configuration."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2023-40356",
        "datePublished": "2024-07-09T15:38:56.245Z",
        "dateReserved": "2023-08-25T16:59:38.685Z",
        "dateUpdated": "2024-08-02T18:31:53.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-20746 (GCVE-0-2026-20746)

    Vulnerability from cvelistv5 – Published: 2026-06-12 02:16 – Updated: 2026-06-12 13:30
    VLAI
    Title
    PingDirectory copying of virtual attributes leads to memory exhaustion
    Summary
    Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-401 - Missing release of memory after effective lifetime
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingDirectory Affected: 9.3.0.0 , ≤ 9.3.0.8 (custom)
    Unknown: 10.1.0.0 , ≤ 10.1.0.5 (custom)
    Affected: 10.2.0.0 , ≤ 10.2.0.5 (custom)
    Affected: 10.3.0.0 , ≤ 10.3.0.3 (custom)
    Affected: 11.0.0.0 , < 11.0.0.1 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-20746",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-12T13:30:44.116370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-12T13:30:51.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PingDirectory",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "9.3.0.8",
                  "status": "affected",
                  "version": "9.3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.1.0.5",
                  "status": "unknown",
                  "version": "10.1.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.2.0.5",
                  "status": "affected",
                  "version": "10.2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.3.0.3",
                  "status": "affected",
                  "version": "10.3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.0.0.1",
                  "status": "affected",
                  "version": "11.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when\u0026nbsp;recent login history is enabled and copying virtual attributes that reference ds-privilege-name values."
                }
              ],
              "value": "Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when\u00a0recent login history is enabled and copying virtual attributes that reference ds-privilege-name values."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-401",
                  "description": "CWE-401 Missing release of memory after effective lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-12T02:16:59.690Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026"
            },
            {
              "url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"
            },
            {
              "url": "https://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributes"
            }
          ],
          "source": {
            "advisory": "SECADV052",
            "defect": [
              "DS-51122"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "PingDirectory copying of virtual attributes leads to memory exhaustion",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2026-20746",
        "datePublished": "2026-06-12T02:16:59.690Z",
        "dateReserved": "2026-01-07T15:15:23.456Z",
        "dateUpdated": "2026-06-12T13:30:51.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-20628 (GCVE-0-2025-20628)

    Vulnerability from cvelistv5 – Published: 2026-04-07 22:33 – Updated: 2026-04-08 15:16
    VLAI
    Title
    Insufficient granularity of access control for Remote Connector Servers in client mode
    Summary
    An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity’s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingIDM Affected: 7.5.0 (custom)
    Affected: 7.4.0 , ≤ 7.4.1 (custom)
    Affected: 7.3.0 , ≤ 7.3.1 (custom)
    Affected: 7.2.0 , ≤ 7.2.2 (custom)
    Affected: 0 , ≤ 7.1.* (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20628",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-08T15:16:23.302687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-08T15:16:29.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "PingIDM",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.3.1",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.2.2",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "7.1.*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "At least one RCS configured in client mode in PingIDM\u003cbr\u003e"
                }
              ],
              "value": "At least one RCS configured in client mode in PingIDM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity\u2019s security-relevant properties, such as passwords and account recovery information. This issue is exploitable \u003cb\u003eonly\u003c/b\u003e when an RCS is configured to run in client mode."
                }
              ],
              "value": "An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity\u2019s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "UNREPORTED",
                "privilegesRequired": "NONE",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/S:P/AU:Y/R:U/V:C/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "CWE-1220 Insufficient Granularity of Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T22:33:05.356Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://backstage.forgerock.com/knowledge/advisories/article/a14305629?rev=_newest"
            },
            {
              "url": "https://backstage.pingidentity.com/downloads/browse/idm/featured"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eBoth of the following steps are required to mitigate the issue:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUpgrade to one of the fixed versions listed previously.\u003c/li\u003e\u003cli\u003eSecure the \u003ci\u003e/openicf\u003c/i\u003e\u0026nbsp;endpoint using the new access and authentication configuration options (refer to\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.pingidentity.com/pingoneaic/latest/product-information/migration-dependent-features.html#current_migration_dependent_features\"\u003e\u0026nbsp;\u003cu\u003emigration dependent features\u003c/u\u003e\u0026nbsp;\u003c/a\u003efor more details).\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Both of the following steps are required to mitigate the issue:\n\n  *  Upgrade to one of the fixed versions listed previously.\n  *  Secure the /openicf\u00a0endpoint using the new access and authentication configuration options (refer to \u00a0migration dependent features\u00a0 https://docs.pingidentity.com/pingoneaic/latest/product-information/migration-dependent-features.html#current_migration_dependent_features for more details)."
            }
          ],
          "source": {
            "advisory": "202601",
            "defect": [
              "OPENIDM-20023"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Insufficient granularity of access control for Remote Connector Servers in client mode",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Configure a reverse proxy (such as PingGateway) to enforce IP and certificate-based rules to the \u003ci\u003e/openicf\u003c/i\u003e\u0026nbsp;endpoint.\u003cbr\u003e"
                }
              ],
              "value": "Configure a reverse proxy (such as PingGateway) to enforce IP and certificate-based rules to the /openicf\u00a0endpoint."
            },
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Configure all RCS instances to run in server mode.\u003cbr\u003e"
                }
              ],
              "value": "Configure all RCS instances to run in server mode."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2025-20628",
        "datePublished": "2026-04-07T22:33:05.356Z",
        "dateReserved": "2025-01-13T16:41:43.939Z",
        "dateUpdated": "2026-04-08T15:16:29.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27935 (GCVE-0-2025-27935)

    Vulnerability from cvelistv5 – Published: 2025-12-04 20:38 – Updated: 2025-12-05 17:33
    VLAI
    Title
    Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit
    Summary
    The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity One-Time Passcode Integration Kit for PingFederate Affected: 1.0 , ≤ 1.1 (custom)
    Unaffected: 1.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27935",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-05T17:30:21.689498Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-05T17:33:20.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "One-Time Passcode Integration Kit for PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "1.1",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                },
                {
                  "status": "unaffected",
                  "version": "1.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-04T20:38:31.922Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://support.pingidentity.com/s/article/SECADV051-PingFederate-OTP-Integration-Kit-authentication-bypass"
            },
            {
              "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
            }
          ],
          "source": {
            "advisory": "SECADV051",
            "defect": [
              "IK-3752"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2025-27935",
        "datePublished": "2025-12-04T20:38:31.922Z",
        "dateReserved": "2025-04-16T01:21:55.178Z",
        "dateUpdated": "2025-12-05T17:33:20.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-26862 (GCVE-0-2025-26862)

    Vulnerability from cvelistv5 – Published: 2025-10-27 14:39 – Updated: 2025-10-27 14:48
    VLAI
    Title
    PingFederate unexpected browser flow initiation in redirectless mode
    Summary
    Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-307 - Improper Restriction of Excessive Authentication Attempts
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 11.3.0 , < 11.3.14 (custom)
    Affected: 12.0.0 , < 12.0.10 (custom)
    Affected: 12.1.0 , < 12.1.9 (custom)
    Affected: 12.2.0 , < 12.2.6 (custom)
    Affected: 12.3.0 , < 12.3.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-26862",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-27T14:48:01.060548Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-27T14:48:11.544Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "HTML Form Adapter"
              ],
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThan": "11.3.14",
                  "status": "affected",
                  "version": "11.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.0.10",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.1.9",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.2.6",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.3.3",
                  "status": "affected",
                  "version": "12.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:ping_identity:pingfederate:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "11.3.14",
                      "versionStartIncluding": "11.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ping_identity:pingfederate:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.0.10",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ping_identity:pingfederate:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.1.9",
                      "versionStartIncluding": "12.1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ping_identity:pingfederate:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.2.6",
                      "versionStartIncluding": "12.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:ping_identity:pingfederate:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "12.3.3",
                      "versionStartIncluding": "12.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks."
                }
              ],
              "value": "Unexpected authentication form rendering in HTML Form Adapter using only non-default redirectless mode in PingFederate allows authentication attempts which may enable brute force login attacks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            },
            {
              "capecId": "CAPEC-114",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-114 Authentication Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "PRESENT",
                "attackComplexity": "HIGH",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 0,
                "baseSeverity": "NONE",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-307",
                  "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T14:39:41.284Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://support.pingidentity.com/s/article/PingFederate-unexpected-template-rendering-in-redirectless-mode"
            },
            {
              "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PingFederate unexpected browser flow initiation in redirectless mode",
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2025-26862",
        "datePublished": "2025-10-27T14:39:41.284Z",
        "dateReserved": "2025-04-16T01:21:55.185Z",
        "dateUpdated": "2025-10-27T14:48:11.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25573 (GCVE-0-2024-25573)

    Vulnerability from cvelistv5 – Published: 2025-06-15 15:25 – Updated: 2025-06-16 18:05
    VLAI
    Title
    Stored Cross-Site Scripting in Administrative Console Context
    Summary
    Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 12.1.0 , ≤ 12.1.4 (custom)
    Affected: 12.0.0 , ≤ 12.0.6 (custom)
    Affected: 11.3.0 , ≤ 11.3.9 (custom)
    Affected: 11.2.0 , ≤ 11.2.10 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25573",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T18:05:33.459980Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T18:05:43.793Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "12.1.4",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "12.0.6",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.3.9",
                  "status": "affected",
                  "version": "11.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.2.10",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: transparent;\"\u003eUnsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Unsanitized user-supplied data saved in the PingFederate Administrative Console could trigger the execution of JavaScript code in subsequent user processing."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/S:P/AU:N/R:U/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-15T15:25:38.540Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.pingidentity.com/pingfederate/12.1/release_notes/pf_release_notes.html"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
            }
          ],
          "source": {
            "advisory": "SECADV048",
            "defect": [
              "PF-36304",
              "PF-36311",
              "PF-36313"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-Site Scripting in Administrative Console Context",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-25573",
        "datePublished": "2025-06-15T15:25:38.540Z",
        "dateReserved": "2024-02-29T23:52:30.507Z",
        "dateUpdated": "2025-06-16T18:05:43.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-22854 (GCVE-0-2025-22854)

    Vulnerability from cvelistv5 – Published: 2025-06-15 15:00 – Updated: 2025-06-16 18:07
    VLAI
    Title
    Possible thread exhaustion from processing http responses in PingFederate Google Adapter
    Summary
    Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-394 - Unexpected Status Code or Return Value
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 1.0.1 , < 1.5.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-22854",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T18:07:24.657856Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T18:07:39.037Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "Google Adapter",
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThan": "1.5.2",
                  "status": "affected",
                  "version": "1.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper handling of non-200 http responses in\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;the PingFederate Google Adapter\u003c/span\u003e\u0026nbsp;leads to thread exhaustion under normal usage conditions."
                }
              ],
              "value": "Improper handling of non-200 http responses in\u00a0the PingFederate Google Adapter\u00a0leads to thread exhaustion under normal usage conditions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            },
            {
              "capecId": "CAPEC-469",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-469 HTTP DoS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "providerUrgency": "RED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/S:P/AU:Y/R:A/RE:M/U:Red",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-394",
                  "description": "CWE-394 Unexpected Status Code or Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-15T15:00:06.010Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://docs.pingidentity.com/integrations/google/google_login_integration_kit/pf_google_cic_changelog.html"
            }
          ],
          "source": {
            "advisory": "SECADV048",
            "defect": [
              "IK-3678"
            ],
            "discovery": "USER"
          },
          "title": "Possible thread exhaustion from processing http responses in PingFederate Google Adapter",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2025-22854",
        "datePublished": "2025-06-15T15:00:06.010Z",
        "dateReserved": "2025-01-13T16:41:43.959Z",
        "dateUpdated": "2025-06-16T18:07:39.037Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-21085 (GCVE-0-2025-21085)

    Vulnerability from cvelistv5 – Published: 2025-06-15 14:25 – Updated: 2025-06-16 18:08
    VLAI
    Title
    PingFederate OAuth Grant attribute duplication may use excessive memory
    Summary
    PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-462 - Duplicate Key in Associative List
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 12.2.0 , < 12.2.4 (custom)
    Affected: 12.1.0 , < 12.1.9 (custom)
    Affected: 12.0 , < 12.0.9 (custom)
    Affected: 11.3.0 , < 11.3.13 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21085",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-16T18:08:12.829414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-16T18:08:20.514Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "PostgreSQL"
              ],
              "platforms": [
                "Windows",
                "Linux"
              ],
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThan": "12.2.4",
                  "status": "affected",
                  "version": "12.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.1.9",
                  "status": "affected",
                  "version": "12.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "12.0.9",
                  "status": "affected",
                  "version": "12.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "11.3.13",
                  "status": "affected",
                  "version": "11.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization."
                }
              ],
              "value": "PingFederate OAuth2 grant duplication in PostgreSQL persistent storage allows OAuth2 requests to use excessive memory utilization."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-130",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-130 Excessive Allocation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "AUTOMATIC",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "LOW",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/S:P/AU:Y/R:A/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-462",
                  "description": "CWE-462 Duplicate Key in Associative List",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-15T14:25:39.067Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "tags": [
                "mitigation"
              ],
              "url": "https://support.pingidentity.com/s/article/PingFederate-grant-attribute-duplication-with-PostgreSQL"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "PingFederate OAuth Grant attribute duplication may use excessive memory",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Configuration options to mitigate:\u003cbr\u003e\u003cul\u003e\u003cli\u003eMinimum Interval to Roll Refresh Tokens\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eRefresh Token Rolling Grace Period (Seconds)\u003c/span\u003e\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "Configuration options to mitigate:\n  *  Minimum Interval to Roll Refresh Tokens\n  *  Refresh Token Rolling Grace Period (Seconds)"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2025-21085",
        "datePublished": "2025-06-15T14:25:39.067Z",
        "dateReserved": "2025-04-16T01:21:55.198Z",
        "dateUpdated": "2025-06-16T18:08:20.514Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20059 (GCVE-0-2025-20059)

    Vulnerability from cvelistv5 – Published: 2025-02-20 14:11 – Updated: 2025-02-20 14:27
    VLAI
    Title
    PingAM Java Policy Agent path traversal
    Summary
    Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingAM Java Policy Agent Affected: 0 , ≤ 5.10.3 (semver)
    Affected: 0 , ≤ 2023.11.1 (date)
    Affected: 0 , ≤ 2024.9 (date)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20059",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T14:25:41.533988Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-23",
                    "description": "CWE-23 Relative Path Traversal",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T14:27:23.298Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "PingAM Java Policy Agent",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "5.10.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                },
                {
                  "lessThanOrEqual": "2023.11.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "date"
                },
                {
                  "lessThanOrEqual": "2024.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "date"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.\u003cp\u003eThis issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9.\u003c/p\u003e"
                }
              ],
              "value": "Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-137",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-137 Parameter Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23 Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-20T14:11:28.146Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://backstage.forgerock.com/knowledge/advisories/article/a61848355"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PingAM Java Policy Agent path traversal",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2025-20059",
        "datePublished": "2025-02-20T14:11:28.146Z",
        "dateReserved": "2025-01-13T16:41:43.965Z",
        "dateUpdated": "2025-02-20T14:27:23.298Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23983 (GCVE-0-2024-23983)

    Vulnerability from cvelistv5 – Published: 2024-11-11 22:56 – Updated: 2024-11-12 18:51
    VLAI
    Title
    Access rules for PingAccess may be circumvented with URL-encoded characters
    Summary
    Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-177 - Improper Handling of URL Encoding
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingAccess Affected: 8.1.0 , < 8.1.1 (custom)
    Affected: 8.0.0 , < 8.0.4 (custom)
    Affected: 7.3.0 , < 7.3.5 (custom)
    Affected: 7.2.0 , < 7.2.4 (custom)
    Affected: 7.1.0 , < 7.1.5 (custom)
    Affected: 7.0.0 , < 7.0.8 (custom)
    Affected: 6.0.0 , < 6.3.9 (custom)
    Create a notification for this product.
    pingidentity pingaccess Affected: 8.1.0 , < 8.1.1 (custom)
    Affected: 8.0.0 , < 8.0.4 (custom)
    Affected: 7.3.0 , < 7.3.5 (custom)
    Affected: 7.2.0 , < 7.2.4 (custom)
    Affected: 7.1.0 , < 7.1.5 (custom)
    Affected: 7.0.0 , < 7.0.8 (custom)
    Affected: 6.0.0 , < 6.3.9 (custom)
        cpe:2.3:a:pingidentity:pingaccess:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pingidentity:pingaccess:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "pingaccess",
                "vendor": "pingidentity",
                "versions": [
                  {
                    "lessThan": "8.1.1",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.4",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.3.5",
                    "status": "affected",
                    "version": "7.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.2.4",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.1.5",
                    "status": "affected",
                    "version": "7.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.0.8",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "6.3.9",
                    "status": "affected",
                    "version": "6.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-12T18:49:35.472344Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-12T18:51:50.901Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "modules": [
                "Rules engine"
              ],
              "product": "PingAccess",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThan": "8.1.1",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0.4",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.5",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.2.4",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.1.5",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.0.8",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.9",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.\u003cbr\u003e"
                }
              ],
              "value": "Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H/S:P/AU:Y/RE:M/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "MODERATE"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-177",
                  "description": "CWE-177 Improper Handling of URL Encoding",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-11T22:56:58.036Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://docs.pingidentity.com/pingaccess/latest/release_notes/pa_811_rn.html"
            },
            {
              "url": "https://www.pingidentity.com/en/resources/downloads/pingaccess.html"
            }
          ],
          "source": {
            "defect": [
              "PA-15776"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Access rules for PingAccess may be circumvented with URL-encoded characters",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-23983",
        "datePublished": "2024-11-11T22:56:58.036Z",
        "dateReserved": "2024-02-29T23:52:30.472Z",
        "dateUpdated": "2024-11-12T18:51:50.901Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25566 (GCVE-0-2024-25566)

    Vulnerability from cvelistv5 – Published: 2024-10-29 15:34 – Updated: 2024-10-29 19:58
    VLAI
    Title
    Open Redirect in PingAM
    Summary
    An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingAM Affected: 7.5.0 (major release)
    Affected: 7.4.0 , ≤ 7.4.1 (maintenance release)
    Affected: 7.3.0 , ≤ 7.3.1 (maintenance release)
    Affected: 7.2.0 , ≤ 7.2.2 (maintenance release)
    Affected: 7.1.0 , ≤ 7.1.4 (maintenance release)
    Affected: 0 , ≤ 7.0.2 (maintenance release)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25566",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-29T19:58:14.725482Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-29T19:58:25.775Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "PingAM",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "major release"
                },
                {
                  "lessThanOrEqual": "7.4.1",
                  "status": "affected",
                  "version": "7.4.0",
                  "versionType": "maintenance release"
                },
                {
                  "lessThanOrEqual": "7.3.1",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "maintenance release"
                },
                {
                  "lessThanOrEqual": "7.2.2",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "maintenance release"
                },
                {
                  "lessThanOrEqual": "7.1.4",
                  "status": "affected",
                  "version": "7.1.0",
                  "versionType": "maintenance release"
                },
                {
                  "lessThanOrEqual": "7.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maintenance release"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-98",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-98 Phishing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-29T15:34:53.358Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://backstage.forgerock.com/downloads/browse/am/featured"
            },
            {
              "url": "https://backstage.forgerock.com/knowledge/advisories/article/a63463303"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Open Redirect in PingAM",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-25566",
        "datePublished": "2024-10-29T15:34:53.358Z",
        "dateReserved": "2024-02-29T23:52:30.493Z",
        "dateUpdated": "2024-10-29T19:58:25.775Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23600 (GCVE-0-2024-23600)

    Vulnerability from cvelistv5 – Published: 2024-08-01 16:55 – Updated: 2024-10-31 19:02
    VLAI
    Title
    PingIDM Query Filter Vulnerability
    Summary
    Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingIDM Affected: 7.0.0 , ≤ 7.5.0 (custom)
    Create a notification for this product.
    Credits
    Ksandros Apostoli Miguel García Martín
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23600",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-07T14:27:41.190673Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:28:33.022Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-31T19:02:23.103Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Oct/18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Query Filter"
              ],
              "product": "PingIDM",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "7.5.0",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ksandros Apostoli"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Miguel Garc\u00eda Mart\u00edn"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure."
                }
              ],
              "value": "Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-112",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-112 Brute Force"
                }
              ]
            },
            {
              "capecId": "CAPEC-410",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-410 Information Elicitation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T16:36:41.204Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://backstage.forgerock.com/knowledge/kb/article/a95212747"
            },
            {
              "url": "https://backstage.forgerock.com/docs/idcloud/latest/release-notes/regular-channel-changelog.html#changed_functionality"
            }
          ],
          "source": {
            "advisory": "SA202402",
            "discovery": "EXTERNAL"
          },
          "title": "PingIDM Query Filter Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-23600",
        "datePublished": "2024-08-01T16:55:22.291Z",
        "dateReserved": "2024-02-29T23:52:30.512Z",
        "dateUpdated": "2024-10-31T19:02:23.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21832 (GCVE-0-2024-21832)

    Vulnerability from cvelistv5 – Published: 2024-07-09 23:04 – Updated: 2024-08-01 22:27
    VLAI
    Title
    PingFederate REST API Data Store Injection
    Summary
    A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 11.0.0 , ≤ 11.0.9 (custom)
    Affected: 11.1.0 , ≤ 11.1.9 (custom)
    Affected: 11.2.0 , ≤ 11.2.8 (custom)
    Affected: 11.3.0 , ≤ 11.3.4 (custom)
    Affected: 12.0.0 (custom)
    Create a notification for this product.
    Date Public
    2024-07-09 22:27
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21832",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-10T14:02:13.851282Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-10T14:03:06.101Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:27:36.324Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
              "defaultStatus": "unaffected",
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.9",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.1.9",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.2.8",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.3.4",
                  "status": "affected",
                  "version": "11.3.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "PingFederate instances running on vulnerable versions with REST data stores using the POST method and a JSON request body may be vulnerable to this issue.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "PingFederate instances running on vulnerable versions with REST data stores using the POST method and a JSON request body may be vulnerable to this issue."
            }
          ],
          "datePublic": "2024-07-09T22:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body.\u003cbr\u003e"
                }
              ],
              "value": "A potential JSON injection attack vector exists in PingFederate REST API data stores using the POST method and a JSON request body."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T23:04:55.088Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PingFederate REST API Data Store Injection",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "REST data stores using the POST method and a JSON request body should not be configured with variable references in the POST body.\u003cbr\u003e"
                }
              ],
              "value": "REST data stores using the POST method and a JSON request body should not be configured with variable references in the POST body."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-21832",
        "datePublished": "2024-07-09T23:04:55.088Z",
        "dateReserved": "2024-01-17T17:27:24.589Z",
        "dateUpdated": "2024-08-01T22:27:36.324Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22377 (GCVE-0-2024-22377)

    Vulnerability from cvelistv5 – Published: 2024-07-09 23:03 – Updated: 2024-08-01 22:43
    VLAI
    Title
    PingFederate Runtime Node Path Traversal
    Summary
    The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 11.0.0 , ≤ 11.0.9 (custom)
    Affected: 11.1.0 , ≤ 11.1.9 (custom)
    Affected: 11.2.0 , ≤ 11.2.8 (custom)
    Affected: 11.3.0 , ≤ 11.3.4 (custom)
    Affected: 12.0.0 (custom)
    Affected: 10.3.0 , ≤ 10.3.13 (custom)
    Create a notification for this product.
    pingidentity pingfederate Affected: 10.3.0 , ≤ 10.3.13 (custom)
    Affected: 11.0.0 , ≤ 11.0.9 (custom)
    Affected: 11.1.0 , ≤ 11.1.9 (custom)
    Affected: 11.2.0 , ≤ 11.2.8 (custom)
    Affected: 11.3.0 , ≤ 11.3.4 (custom)
        cpe:2.3:a:pingidentity:pingfederate:10.3.0:*:*:*:*:*:*:*
        cpe:2.3:a:pingidentity:pingfederate:11.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:pingidentity:pingfederate:11.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:pingidentity:pingfederate:11.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:pingidentity:pingfederate:11.3.0:*:*:*:*:*:*:*
    Create a notification for this product.
    pingidentity pingfederate Affected: 12.0.0
        cpe:2.3:a:pingidentity:pingfederate:12.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-07-09 22:27
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:pingidentity:pingfederate:10.3.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:pingidentity:pingfederate:11.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:pingidentity:pingfederate:11.1.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:pingidentity:pingfederate:11.2.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:pingidentity:pingfederate:11.3.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "pingfederate",
                "vendor": "pingidentity",
                "versions": [
                  {
                    "lessThanOrEqual": "10.3.13",
                    "status": "affected",
                    "version": "10.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "11.0.9",
                    "status": "affected",
                    "version": "11.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "11.1.9",
                    "status": "affected",
                    "version": "11.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "11.2.8",
                    "status": "affected",
                    "version": "11.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThanOrEqual": "11.3.4",
                    "status": "affected",
                    "version": "11.3.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:pingidentity:pingfederate:12.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "pingfederate",
                "vendor": "pingidentity",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.0.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22377",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-15T13:15:10.302158Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-23T16:13:24.203Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:43:34.512Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
              "defaultStatus": "unaffected",
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.9",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.1.9",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.2.8",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.3.4",
                  "status": "affected",
                  "version": "11.3.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.3.13",
                  "status": "affected",
                  "version": "10.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "All instances of PingFederate on vulnerable versions are vulnerable to this issue.\u003cbr\u003e"
                }
              ],
              "value": "All instances of PingFederate on vulnerable versions are vulnerable to this issue."
            }
          ],
          "datePublic": "2024-07-09T22:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.\u003cbr\u003e"
                }
              ],
              "value": "The deploy directory in PingFederate runtime nodes is reachable to unauthorized users."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-126",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-126 Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T23:03:27.722Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PingFederate Runtime Node Path Traversal",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The deploy directory can be restricted by making changes to runtime jetty configuration.\u0026nbsp;\u0026nbsp;\u003cbr\u003e"
                }
              ],
              "value": "The deploy directory can be restricted by making changes to runtime jetty configuration."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-22377",
        "datePublished": "2024-07-09T23:03:27.722Z",
        "dateReserved": "2024-01-17T17:27:24.578Z",
        "dateUpdated": "2024-08-01T22:43:34.512Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-22477 (GCVE-0-2024-22477)

    Vulnerability from cvelistv5 – Published: 2024-07-09 23:01 – Updated: 2024-08-01 22:51
    VLAI
    Title
    PingFederate OIDC Policy Management Editor Cross-Site Scripting
    Summary
    A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Ping Identity PingFederate Affected: 11.0.0 , ≤ 11.0.9 (custom)
    Affected: 11.1.0 , ≤ 11.1.9 (custom)
    Affected: 11.2.0 , ≤ 11.2.8 (custom)
    Affected: 11.3.0 , ≤ 11.3.4 (custom)
    Affected: 12.0.0 (custom)
    Affected: 10.3.0 , ≤ 10.3.13 (custom)
    Create a notification for this product.
    Date Public
    2024-07-09 22:27
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-22477",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-10T13:29:31.833138Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-10T13:30:14.614Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:51:09.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
              "defaultStatus": "unaffected",
              "product": "PingFederate",
              "vendor": "Ping Identity",
              "versions": [
                {
                  "lessThanOrEqual": "11.0.9",
                  "status": "affected",
                  "version": "11.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.1.9",
                  "status": "affected",
                  "version": "11.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.2.8",
                  "status": "affected",
                  "version": "11.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "11.3.4",
                  "status": "affected",
                  "version": "11.3.0",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "10.3.13",
                  "status": "affected",
                  "version": "10.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "configurations": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "All instances of PingFederate on vulnerable versions are vulnerable to this issue.\u003cbr\u003e"
                }
              ],
              "value": "All instances of PingFederate on vulnerable versions are vulnerable to this issue."
            }
          ],
          "datePublic": "2024-07-09T22:27:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.\u003cbr\u003e"
                }
              ],
              "value": "A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 1.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T23:01:28.611Z",
            "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
            "shortName": "Ping Identity"
          },
          "references": [
            {
              "url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "PingFederate OIDC Policy Management Editor Cross-Site Scripting",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
        "assignerShortName": "Ping Identity",
        "cveId": "CVE-2024-22477",
        "datePublished": "2024-07-09T23:01:28.611Z",
        "dateReserved": "2024-01-17T17:27:24.603Z",
        "dateUpdated": "2024-08-01T22:51:09.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }