Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Ping Identity — Vulnerabilities & Security Advisories 48

Browse all 48 CVE security advisories affecting Ping Identity. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Ping Identity:PingFederatePingID Windows LoginPingAccessPingID Mobile ApplicationPingIDMPingOne MFA Integration Kit for PingFederatePingID Radius PCVOne-Time Passcode Integration Kit for PingFederateSelf-Service Account ManagerPingAM Java Policy AgentPingAMPingDirectoryPingOne MFA Integration KitunspecifiedPingID Adapter for PingFederatePingID Desktop for WindowsPingCentralPingID Integration for Windows LoginPingFederate PingOne MFA Integration KitPingID DesktopPingID Mac LoginRSA SecurID Integration Kit
CVE IDTitleCVSSSeverityPaused
CVE-2025-20628 Insufficient granularity of access control for Remote Connector Servers in client mode — PingIDMCWE-1220 5.9AIMediumAI2026-04-07
CVE-2025-27935 Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit — One-Time Passcode Integration Kit for PingFederateCWE-306 7.5AIHighAI2025-12-04
CVE-2025-26862 PingFederate unexpected browser flow initiation in redirectless mode — PingFederateCWE-307 9.8AICriticalAI2025-10-27
CVE-2024-25573 Stored Cross-Site Scripting in Administrative Console Context — PingFederateCWE-79 5.4AIMediumAI2025-06-15
CVE-2025-22854 Possible thread exhaustion from processing http responses in PingFederate Google Adapter — PingFederateCWE-394 7.5AIHighAI2025-06-15
CVE-2025-21085 PingFederate OAuth Grant attribute duplication may use excessive memory — PingFederateCWE-462 7.5AIHighAI2025-06-15
CVE-2025-20059 PingAM Java Policy Agent path traversal — PingAM Java Policy AgentCWE-23 8.8 -2025-02-20
CVE-2024-23983 Access rules for PingAccess may be circumvented with URL-encoded characters — PingAccessCWE-20 9.1AICriticalAI2024-11-11
CVE-2024-25566 Open Redirect in PingAM — PingAMCWE-601 6.1AIMediumAI2024-10-29
CVE-2024-23600 PingIDM Query Filter Vulnerability — PingIDMCWE-20 2.7 Low2024-08-01
CVE-2024-21832 PingFederate REST API Data Store Injection — PingFederateCWE-94 3.5 Low2024-07-09
CVE-2024-22377 PingFederate Runtime Node Path Traversal — PingFederateCWE-22 5.3 Medium2024-07-09
CVE-2024-22477 PingFederate OIDC Policy Management Editor Cross-Site Scripting — PingFederateCWE-79 1.8 Low2024-07-09
CVE-2023-40356 PingOne MFA Integration Kit MFA bypass — PingOne MFA Integration Kit for PingFederateCWE-290 5.3AIMediumAI2024-07-09
CVE-2023-40702 PingOne MFA Integration Kit MFA bypass — PingOne MFA Integration Kit for PingFederateCWE-290 8.1AIHighAI2024-07-09
CVE-2024-23316 PingAccess HTTP Request Desynchronization Weakness — PingAccessCWE-444 7.5 -2024-05-31
CVE-2023-40148 PingFederate Server Side Request Forgery vulnerability — PingFederateCWE-918 6.5 Medium2024-04-10
CVE-2023-40545 PingFederate OAuth client_secret_jwt Authentication Bypass — PingFederateCWE-306 8.8 High2024-02-06
CVE-2023-36496 Delegated Admin Virtual Attribute Provider Privilege Escalation — PingDirectoryCWE-269 7.7 High2024-02-01
CVE-2023-34085 User Attribute Disclosure via DynamoDB Data Stores — PingFederateCWE-359 2.6 Low2023-10-25
CVE-2023-39219 Admin Console Denial of Service via Java class enumeration — PingFederateCWE-400 7.5 High2023-10-25
CVE-2023-37283 Authentication Bypass via HTML Form & Identifier First Adapter — PingFederateCWE-287 8.1 High2023-10-25
CVE-2023-39930 PingFederate PingID Radius PCV Authentication Bypass — PingID Radius PCVCWE-288 7.5 High2023-10-24
CVE-2023-39231 PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass — PingOne MFA Integration KitCWE-288 7.3 High2023-10-24
CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate. — PingID Adapter for PingFederateCWE-780 7.7 High2023-04-25
CVE-2022-40723 Configuration-based MFA Bypass in PingID RADIUS PCV. — PingID Radius PCVCWE-305 6.5 Medium2023-04-25
CVE-2022-40724 Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint. — PingFederateCWE-352 6.4 Medium2023-04-25
CVE-2022-40725 PingID Desktop PIN attempt lockout bypass. — PingID Desktop for WindowsCWE-288 7.3 High2023-04-25
CVE-2022-23721 PingID integration for Windows login duplicate username collision. — unspecifiedCWE-694 3.8 Low2023-04-25
CVE-2018-25084 Ping Identity Self-Service Account Manager SSAMController.java cross site scripting — Self-Service Account ManagerCWE-79 3.5 Low2023-04-10

This page lists every published CVE security advisory associated with Ping Identity. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.