Ping Identity — Vulnerabilities & Security Advisories 48

Browse all 48 CVE security advisories affecting Ping Identity. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ping Identity operates as an enterprise identity and access management provider, specializing in single sign-on, multi-factor authentication, and API security for hybrid and cloud environments. Its software suite, which manages digital identities and permissions, has historically been associated with forty-eight recorded Common Vulnerabilities and Exposures. These security flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation or insecure direct object references within its web-based administrative interfaces. While the company has not been the subject of a widely publicized, large-scale data breach affecting millions of end-users, the high volume of CVEs indicates persistent challenges in securing its complex authentication infrastructure. These recurring issues highlight the risks inherent in deploying intricate identity governance tools, where misconfigurations or unpatched software components can potentially allow attackers to bypass authentication mechanisms or gain unauthorized administrative access to connected enterprise systems.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-20628 | Insufficient granularity of access control for Remote Connector Servers in client mode | PingIDM | CWE-1220 | 5.9 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2025-27935 | Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit | One-Time Passcode Integration Kit for PingFederate | CWE-306 | 7.5 (AI) | High (AI) | 2025-12-04 |
| CVE-2025-26862 | PingFederate unexpected browser flow initiation in redirectless mode | PingFederate | CWE-307 | 9.8 (AI) | Critical (AI) | 2025-10-27 |
| CVE-2024-25573 | Stored Cross-Site Scripting in Administrative Console Context | PingFederate | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-06-15 |
| CVE-2025-22854 | Possible thread exhaustion from processing http responses in PingFederate Google Adapter | PingFederate | CWE-394 | 7.5 (AI) | High (AI) | 2025-06-15 |
| CVE-2025-21085 | PingFederate OAuth Grant attribute duplication may use excessive memory | PingFederate | CWE-462 | 7.5 (AI) | High (AI) | 2025-06-15 |
| CVE-2025-20059 | PingAM Java Policy Agent path traversal | PingAM Java Policy Agent | CWE-23 | 8.8 | - | 2025-02-20 |
| CVE-2024-23983 | Access rules for PingAccess may be circumvented with URL-encoded characters | PingAccess | CWE-20 | 9.1 (AI) | Critical (AI) | 2024-11-11 |
| CVE-2024-25566 | Open Redirect in PingAM | PingAM | CWE-601 | 6.1 (AI) | Medium (AI) | 2024-10-29 |
| CVE-2024-23600 | PingIDM Query Filter Vulnerability | PingIDM | CWE-20 | 2.7 | Low | 2024-08-01 |
| CVE-2024-21832 | PingFederate REST API Data Store Injection | PingFederate | CWE-94 | 3.5 | Low | 2024-07-09 |
| CVE-2024-22377 | PingFederate Runtime Node Path Traversal | PingFederate | CWE-22 | 5.3 | Medium | 2024-07-09 |
| CVE-2024-22477 | PingFederate OIDC Policy Management Editor Cross-Site Scripting | PingFederate | CWE-79 | 1.8 | Low | 2024-07-09 |
| CVE-2023-40356 | PingOne MFA Integration Kit MFA bypass | PingOne MFA Integration Kit for PingFederate | CWE-290 | 5.3 (AI) | Medium (AI) | 2024-07-09 |
| CVE-2023-40702 | PingOne MFA Integration Kit MFA bypass | PingOne MFA Integration Kit for PingFederate | CWE-290 | 8.1 (AI) | High (AI) | 2024-07-09 |
| CVE-2024-23316 | PingAccess HTTP Request Desynchronization Weakness | PingAccess | CWE-444 | 7.5 | - | 2024-05-31 |
| CVE-2023-40148 | PingFederate Server Side Request Forgery vulnerability | PingFederate | CWE-918 | 6.5 | Medium | 2024-04-10 |
| CVE-2023-40545 | PingFederate OAuth client_secret_jwt Authentication Bypass | PingFederate | CWE-306 | 8.8 | High | 2024-02-06 |
| CVE-2023-36496 | Delegated Admin Virtual Attribute Provider Privilege Escalation | PingDirectory | CWE-269 | 7.7 | High | 2024-02-01 |
| CVE-2023-34085 | User Attribute Disclosure via DynamoDB Data Stores | PingFederate | CWE-359 | 2.6 | Low | 2023-10-25 |
| CVE-2023-39219 | Admin Console Denial of Service via Java class enumeration | PingFederate | CWE-400 | 7.5 | High | 2023-10-25 |
| CVE-2023-37283 | Authentication Bypass via HTML Form & Identifier First Adapter | PingFederate | CWE-287 | 8.1 | High | 2023-10-25 |
| CVE-2023-39930 | PingFederate PingID Radius PCV Authentication Bypass | PingID Radius PCV | CWE-288 | 7.5 | High | 2023-10-24 |
| CVE-2023-39231 | PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass | PingOne MFA Integration Kit | CWE-288 | 7.3 | High | 2023-10-24 |
| CVE-2022-40722 | Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate. | PingID Adapter for PingFederate | CWE-780 | 7.7 | High | 2023-04-25 |
| CVE-2022-40723 | Configuration-based MFA Bypass in PingID RADIUS PCV. | PingID Radius PCV | CWE-305 | 6.5 | Medium | 2023-04-25 |
| CVE-2022-40724 | Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint. | PingFederate | CWE-352 | 6.4 | Medium | 2023-04-25 |
| CVE-2022-40725 | PingID Desktop PIN attempt lockout bypass. | PingID Desktop for Windows | CWE-288 | 7.3 | High | 2023-04-25 |
| CVE-2022-23721 | PingID integration for Windows login duplicate username collision. | unspecified | CWE-694 | 3.8 | Low | 2023-04-25 |
| CVE-2018-25084 | Ping Identity Self-Service Account Manager SSAMController.java cross site scripting | Self-Service Account Manager | CWE-79 | 3.5 | Low | 2023-04-10 |

This page lists every published CVE security advisory associated with Ping Identity. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.