Lucene search
+L

153 matches found

Cvelist
Cvelist
added 2021/10/07 6:24 a.m.33 views

CVE-2021-41770

Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure...

8.1AI score0.00962EPSS
Exploits0References2
CVE
CVE
added 2021/10/07 6:24 a.m.189 views

CVE-2021-41770

PingFederate (Ping Identity) before version 10.3.1 is vulnerable to an XXE attack due to improper pre-parsing validation, potentially allowing XML file disclosure. Affected product: PingFederate. Root cause: mishandled pre-parsing validation. Impact: XML data disclosure. Remediation: upgrade to P...

7.5CVSS7.9AI score0.00962EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/09/27 5:15 p.m.22 views

CVE-2021-40329

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...

9.8CVSS0.01113EPSS
Exploits0References1
Prion
Prion
added 2021/09/27 5:15 p.m.16 views

Authentication flaw

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...

7.5CVSS9.5AI score0.01113EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/09/27 5:15 p.m.4 views

CVE-2021-40329

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...

9.8CVSS5.8AI score0.01113EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/09/27 4:22 p.m.22 views

CVE-2021-40329

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...

9.8AI score0.01113EPSS
Exploits0References1
CVE
CVE
added 2021/09/27 4:22 p.m.46 views

CVE-2021-40329

Summary: CVE-2021-40329 affects Ping Identity PingFederate’s Authentication API prior to version 10.3, where external password management is mishandled. The vulnerability is tied to authentication handling and could impact confidentiality, integrity, and availability as reflected by the CVSS metr...

9.8CVSS9.5AI score0.01113EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/09/27 12:0 a.m.6 views

Ping Identity PingFederate 加密问题漏洞

Ping Identity PingFederate is a flagship software-based federation server in the United States. for identity management. A cryptographic issue vulnerability exists in Ping Identity PingFederate that stems from the mishandling of certain aspects of external password management by the Authenticatio...

9.8CVSS8.3AI score0.01113EPSS
Exploits0References1
NVD
NVD
added 2014/12/12 3:59 p.m.21 views

CVE-2014-8489

Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter...

6.4CVSS6.6AI score0.02906EPSS
Exploits1References3
Prion
Prion
added 2014/12/12 3:59 p.m.13 views

Open redirect

Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter...

6.4CVSS7.1AI score0.02906EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2014/12/12 3:0 p.m.20 views

CVE-2014-8489

Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter...

6.6AI score0.02906EPSS
Exploits1References3
CVE
CVE
added 2014/12/12 3:0 p.m.55 views

CVE-2014-8489

PingFederate 6.10.1 SP Endpoints is affected by an open redirect vulnerability in startSSO.ping, allowing remote attackers to redirect users via the TargetResource parameter and potentially enable phishing. Public references describe the vulnerability as a URL redirection to untrusted sites (CWE-...

6.4CVSS6.8AI score0.02906EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2014/12/09 12:0 a.m.39 views

PingFederate 6.10.1 SP Endpoints Open Redirect

CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability Exploit Title: "Ping Identity Corporation" "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability Product: PingFederate 6.10.1...

6.4CVSS6.8AI score0.02906EPSS
Exploits1
Rows per page
Query Builder