The PingFederate Local Identity Profiles ‘/pf/idprofile.ping’ endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests.
CPE | Name | Operator | Version |
---|---|---|---|
pingfederate | ge | 11.1.0 | |
pingfederate | le | 11.1.5 | |
pingfederate | ge | 11.2.0 | |
pingfederate | le | 11.2.2 | |
pingfederate | ge | 11.0.0 | |
pingfederate | le | 11.0.6 | |
pingfederate | ge | 10.3.0 | |
pingfederate | le | 10.3.11 |