Lucene search
PingidentityPingfederate
3 matches found
CVE-2023-40545
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.
9.8CVSS9.5AI score0.00066EPSS
CVE-2024-22377
The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.
5.3CVSS5.2AI score0.002EPSS
CVE-2024-22477
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The impact is contained to admin console users only.
4.3CVSS3.8AI score0.00082EPSS