Cross site request forgery (csrf)

2023-04-2519:15:00

PRIOn knowledge base

www.prio-n.com

pingfederate

csrf

vulnerability

identity profiles

endpoint

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.8%

JSON

The PingFederate Local Identity Profiles ‘/pf/idprofile.ping’ endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests.

CPENameOperatorVersion
pingfederatege11.1.0
pingfederatele11.1.5
pingfederatege11.2.0
pingfederatele11.2.2
pingfederatege11.0.0
pingfederatele11.0.6
pingfederatege10.3.0
pingfederatele10.3.11

Name	Operator	Version
pingfederate	ge	11.1.0
pingfederate	le	11.1.5
pingfederate	ge	11.2.0
pingfederate	le	11.2.2
pingfederate	ge	11.0.0
pingfederate	le	11.0.6
pingfederate	ge	10.3.0
pingfederate	le	10.3.11

References

docs.pingidentity.com/r/en-us/pingfederate-110/fll1675188537050