PingFederate — Vulnerabilities & Security Advisories (16)

All 16 CVE vulnerabilities found in PingFederate, with AI-generated Chinese analysis, references, and POCs.

Vendor: Ping Identity

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-26862 | PingFederate unexpected browser flow initiation in redirectless mode | CWE-307 | 9.8 (AI) | Critical (AI) | 2025-10-27 |
| CVE-2024-25573 | Stored Cross-Site Scripting in Administrative Console Context | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-06-15 |
| CVE-2025-22854 | Possible thread exhaustion from processing http responses in PingFederate Google Adapter | CWE-394 | 7.5 (AI) | High (AI) | 2025-06-15 |
| CVE-2025-21085 | PingFederate OAuth Grant attribute duplication may use excessive memory | CWE-462 | 7.5 (AI) | High (AI) | 2025-06-15 |
| CVE-2024-21832 | PingFederate REST API Data Store Injection | CWE-94 | 3.5 | Low | 2024-07-09 |
| CVE-2024-22377 | PingFederate Runtime Node Path Traversal | CWE-22 | 5.3 | Medium | 2024-07-09 |
| CVE-2024-22477 | PingFederate OIDC Policy Management Editor Cross-Site Scripting | CWE-79 | 1.8 | Low | 2024-07-09 |
| CVE-2023-40148 | PingFederate Server Side Request Forgery vulnerability | CWE-918 | 6.5 | Medium | 2024-04-10 |
| CVE-2023-40545 | PingFederate OAuth client_secret_jwt Authentication Bypass | CWE-306 | 8.8 | High | 2024-02-06 |
| CVE-2023-34085 | User Attribute Disclosure via DynamoDB Data Stores | CWE-359 | 2.6 | Low | 2023-10-25 |
| CVE-2023-39219 | Admin Console Denial of Service via Java class enumeration | CWE-400 | 7.5 | High | 2023-10-25 |
| CVE-2023-37283 | Authentication Bypass via HTML Form & Identifier First Adapter | CWE-287 | 8.1 | High | 2023-10-25 |
| CVE-2022-40724 | Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint. | CWE-352 | 6.4 | Medium | 2023-04-25 |
| CVE-2022-23722 | PingFederate Password Reset via Authentication API Mishandling | CWE-288 | 6.5 | - | 2022-05-02 |
| CVE-2021-42000 | Ping Identity PingFederate Password Reset and Password Change Mishandling with an authentication policy in parallel reset flows | CWE-285 | 5.3 | Medium | 2022-02-10 |
| CVE-2021-40329 | Ping Identity PingFederate cryptographic issue vulnerability | | 9.8 | - | 2021-09-27 |

All 16 known CVE vulnerabilities affecting PingFederate with full Chinese analysis, references, and POCs where available.