153 matches found
CVE-2024-22377
CVE-2024-22377 concerns PingFederate: the deploy directory on runtime nodes is reachable to unauthorized users, enabling potential access to deployment files. Public sources (CNNVD) indicate PingFederate versions prior to 12.0.1 are affected; no fix version is listed there, but other references i...
CVE-2024-22477 PingFederate OIDC Policy Management Editor Cross-Site Scripting
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only...
CVE-2024-22477 PingFederate OIDC Policy Management Editor Cross-Site Scripting
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only...
Ping Identity PingFederate Security Vulnerability
Ping Identity PingFederate is a flagship software-based federation server from US-based Ping Identity, Inc. for identity management. Ping Identity A security vulnerability exists in PingFederate versions prior to 12.0.1, which stems from an unauthorized user being able to access the deployment...
Ping Identity PingFederate Security Vulnerability
Ping Identity PingFederate is a flagship software-based federation server in the United States. It is used for identity management. Ping Identity A security vulnerability exists in PingFederate versions prior to 12.0.1 that stems from the presence of a potential JSON injection attack vector using...
Ping Identity PingFederate Security Vulnerability
Ping Identity PingFederate is a flagship software-based federation server from US-based Ping Identity, Inc. for identity management. Ping Identity A security vulnerability exists in PingFederate versions prior to 12.0.1, which stems from a cross-site scripting vulnerability in the OIDC policy...
PT-2024-19373 · Unknown · Pingfederate
Name of the Vulnerable Software and Affected Versions: PingFederate affected versions not specified Description: The issue concerns the deploy directory in PingFederate runtime nodes being accessible to unauthorized users. Recommendations: At the moment, there is no information about a newer...
Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever)
Google on Monday announced that it's simplifying the process of enabling two-factor authentication 2FA for users with personal and Workspace accounts. Also called 2-Step Verification 2SV, it aims to add an extra layer of security to users' accounts to prevent takeover attacks in case the password...
CVE-2023-40148
Server-side request forgery SSRF in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests...
CVE-2023-40148
CVE-2023-40148 is a PingFederate SSRF vulnerability. The issue: an unauthenticated attacker can make forged HTTP POST requests to trigger server-side requests, potentially reaching internal network resources and consuming server-side resources. Documents identify PingFederate as affected; root ca...
CVE-2023-40148 PingFederate Server Side Request Forgery vulnerability
Server-side request forgery SSRF in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests...
CVE-2023-40148 PingFederate Server Side Request Forgery vulnerability
Server-side request forgery SSRF in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests...
PT-2024-12858 · Unknown · Pingfederate
Name of the Vulnerable Software and Affected Versions: PingFederate affected versions not specified Description: The issue allows unauthenticated HTTP requests to attack network resources and consume server-side resources via forged HTTP POST requests. This is a result of a server-side request...
CVE-2023-40545 PingFederate OAuth client_secret_jwt Authentication Bypass
Authentication bypass when an OAuth2 Client is using clientsecretjwt as its authentication method on affected 11.3 versions via specially crafted requests...
CVE-2023-40545 PingFederate OAuth client_secret_jwt Authentication Bypass
Authentication bypass when an OAuth2 Client is using clientsecretjwt as its authentication method on affected 11.3 versions via specially crafted requests...
Ping Identity PingFederate Access Control Error Vulnerability
Ping Identity PingFederate is a flagship software-based federation server in the United States. used for identity management. Ping Identity A security vulnerability exists in PingFederate version 11.3, which stems from the fact that authentication can be bypassed...
CVE-2023-39930
A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request...
CVE-2023-39231
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's...
CVE-2023-39930
A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request...
CVE-2023-39231
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's...