Lucene search
K

153 matches found

CVE
CVE
added 2024/07/09 11:3 p.m.74 views

CVE-2024-22377

CVE-2024-22377 concerns PingFederate: the deploy directory on runtime nodes is reachable to unauthorized users, enabling potential access to deployment files. Public sources (CNNVD) indicate PingFederate versions prior to 12.0.1 are affected; no fix version is listed there, but other references i...

5.3CVSS5.2AI score0.00439EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/07/09 11:1 p.m.30 views

CVE-2024-22477 PingFederate OIDC Policy Management Editor Cross-Site Scripting

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only...

1.8CVSS0.00173EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/09 11:1 p.m.19 views

CVE-2024-22477 PingFederate OIDC Policy Management Editor Cross-Site Scripting

A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only...

1.8CVSS6.2AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.5 views

Ping Identity PingFederate Security Vulnerability

Ping Identity PingFederate is a flagship software-based federation server from US-based Ping Identity, Inc. for identity management. Ping Identity A security vulnerability exists in PingFederate versions prior to 12.0.1, which stems from an unauthorized user being able to access the deployment...

5.3CVSS6.6AI score0.00439EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.6 views

Ping Identity PingFederate Security Vulnerability

Ping Identity PingFederate is a flagship software-based federation server in the United States. It is used for identity management. Ping Identity A security vulnerability exists in PingFederate versions prior to 12.0.1 that stems from the presence of a potential JSON injection attack vector using...

3.5CVSS7AI score0.00238EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.6 views

Ping Identity PingFederate Security Vulnerability

Ping Identity PingFederate is a flagship software-based federation server from US-based Ping Identity, Inc. for identity management. Ping Identity A security vulnerability exists in PingFederate versions prior to 12.0.1, which stems from a cross-site scripting vulnerability in the OIDC policy...

4.3CVSS6AI score0.00173EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.9 views

PT-2024-19373 · Unknown · Pingfederate

Name of the Vulnerable Software and Affected Versions: PingFederate affected versions not specified Description: The issue concerns the deploy directory in PingFederate runtime nodes being accessible to unauthorized users. Recommendations: At the moment, there is no information about a newer...

5.3CVSS6.8AI score0.00439EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2024/05/07 10:2 a.m.11 views

Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever)

Google on Monday announced that it's simplifying the process of enabling two-factor authentication 2FA for users with personal and Workspace accounts. Also called 2-Step Verification 2SV, it aims to add an extra layer of security to users' accounts to prevent takeover attacks in case the password...

7.5AI score
Exploits0
NVD
NVD
added 2024/04/10 12:15 a.m.13 views

CVE-2023-40148

Server-side request forgery SSRF in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests...

6.5CVSS6.6AI score0.00461EPSS
Exploits0References2
CVE
CVE
added 2024/04/10 12:3 a.m.30 views

CVE-2023-40148

CVE-2023-40148 is a PingFederate SSRF vulnerability. The issue: an unauthenticated attacker can make forged HTTP POST requests to trigger server-side requests, potentially reaching internal network resources and consuming server-side resources. Documents identify PingFederate as affected; root ca...

6.5CVSS7AI score0.00461EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/10 12:3 a.m.9 views

CVE-2023-40148 PingFederate Server Side Request Forgery vulnerability

Server-side request forgery SSRF in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests...

6.5CVSS7.1AI score0.00461EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/10 12:3 a.m.16 views

CVE-2023-40148 PingFederate Server Side Request Forgery vulnerability

Server-side request forgery SSRF in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests...

6.5CVSS6.8AI score0.00461EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.6 views

PT-2024-12858 · Unknown · Pingfederate

Name of the Vulnerable Software and Affected Versions: PingFederate affected versions not specified Description: The issue allows unauthenticated HTTP requests to attack network resources and consume server-side resources via forged HTTP POST requests. This is a result of a server-side request...

6.5CVSS7AI score0.00461EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/02/06 5:27 p.m.20 views

CVE-2023-40545 PingFederate OAuth client_secret_jwt Authentication Bypass

Authentication bypass when an OAuth2 Client is using clientsecretjwt as its authentication method on affected 11.3 versions via specially crafted requests...

8.8CVSS7.2AI score0.00933EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/06 5:27 p.m.23 views

CVE-2023-40545 PingFederate OAuth client_secret_jwt Authentication Bypass

Authentication bypass when an OAuth2 Client is using clientsecretjwt as its authentication method on affected 11.3 versions via specially crafted requests...

8.8CVSS9.8AI score0.00933EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.8 views

Ping Identity PingFederate Access Control Error Vulnerability

Ping Identity PingFederate is a flagship software-based federation server in the United States. used for identity management. Ping Identity A security vulnerability exists in PingFederate version 11.3, which stems from the fact that authentication can be bypassed...

9.8CVSS7AI score0.00933EPSS
Exploits0References4
OSV
OSV
added 2023/10/25 6:17 p.m.5 views

CVE-2023-39930

A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request...

9.8CVSS5.8AI score0.00692EPSS
Exploits0References2
NVD
NVD
added 2023/10/25 6:17 p.m.15 views

CVE-2023-39231

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's...

7.3CVSS7.2AI score0.00535EPSS
Exploits0References2
NVD
NVD
added 2023/10/25 6:17 p.m.35 views

CVE-2023-39930

A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request...

9.8CVSS8.1AI score0.00692EPSS
Exploits0References2
OSV
OSV
added 2023/10/25 6:17 p.m.4 views

CVE-2023-39231

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's...

6.5CVSS5.8AI score0.00535EPSS
Exploits0References2
Rows per page
Query Builder