153 matches found
CVE-2021-41770
Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure...
CVE-2021-41770
PingFederate (Ping Identity) before version 10.3.1 is vulnerable to an XXE attack due to improper pre-parsing validation, potentially allowing XML file disclosure. Affected product: PingFederate. Root cause: mishandled pre-parsing validation. Impact: XML data disclosure. Remediation: upgrade to P...
CVE-2021-40329
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...
Authentication flaw
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...
CVE-2021-40329
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...
CVE-2021-40329
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management...
CVE-2021-40329
Summary: CVE-2021-40329 affects Ping Identity PingFederate’s Authentication API prior to version 10.3, where external password management is mishandled. The vulnerability is tied to authentication handling and could impact confidentiality, integrity, and availability as reflected by the CVSS metr...
Ping Identity PingFederate 加密问题漏洞
Ping Identity PingFederate is a flagship software-based federation server in the United States. for identity management. A cryptographic issue vulnerability exists in Ping Identity PingFederate that stems from the mishandling of certain aspects of external password management by the Authenticatio...
CVE-2014-8489
Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter...
Open redirect
Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter...
CVE-2014-8489
Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter...
CVE-2014-8489
PingFederate 6.10.1 SP Endpoints is affected by an open redirect vulnerability in startSSO.ping, allowing remote attackers to redirect users via the TargetResource parameter and potentially enable phishing. Public references describe the vulnerability as a URL redirection to untrusted sites (CWE-...
PingFederate 6.10.1 SP Endpoints Open Redirect
CVE-2014-8489 Ping Identity Corporation "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability Exploit Title: "Ping Identity Corporation" "PingFederate 6.10.1 SP Endpoints" Dest Redirect Privilege Escalation Security Vulnerability Product: PingFederate 6.10.1...