Ping Identity — Vulnerabilities & Security Advisories 48

Browse all 48 CVE security advisories affecting Ping Identity. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ping Identity operates as an enterprise identity and access management provider, specializing in single sign-on, multi-factor authentication, and API security for hybrid and cloud environments. Its software suite, which manages digital identities and permissions, has historically been associated with forty-eight recorded Common Vulnerabilities and Exposures. These security flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation or insecure direct object references within its web-based administrative interfaces. While the company has not been the subject of a widely publicized, large-scale data breach affecting millions of end-users, the high volume of CVEs indicates persistent challenges in securing its complex authentication infrastructure. These recurring issues highlight the risks inherent in deploying intricate identity governance tools, where misconfigurations or unpatched software components can potentially allow attackers to bypass authentication mechanisms or gain unauthorized administrative access to connected enterprise systems.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-23726 | Ping Identity PingCentral security vulnerability | PingCentral | CWE-200 | 5.4 | Medium | 2022-09-30 |
| CVE-2022-23725 | PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances | PingID Windows Login | CWE-522 | 7.7 | High | 2022-06-30 |
| CVE-2022-23720 | PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file | PingID Windows Login | CWE-648 | 7.5 | High | 2022-06-30 |
| CVE-2022-23719 | PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests | PingID Windows Login | CWE-310 | 7.2 | High | 2022-06-30 |
| CVE-2022-23718 | PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution | PingID Windows Login | CWE-1352 | 7.6 | High | 2022-06-30 |
| CVE-2022-23717 | PingID Windows Login prior to 2.8 denial of service condition | PingID Windows Login | CWE-404 | 5.0 | Medium | 2022-06-30 |
| CVE-2021-41995 | PingID Mac Login prior to 1.1 vulnerable to pre-computed dictionary attacks | PingID Mac Login | CWE-310 | 7.7 | High | 2022-06-30 |
| CVE-2022-23724 | PingID Integration for Windows Login MFA Bypass | PingID Integration for Windows Login | CWE-310 | 6.4 | Medium | 2022-05-04 |
| CVE-2022-23723 | PingFederate PingOneMFA Integration Kit MFA Bypass | PingFederate PingOne MFA Integration Kit | CWE-288 | 7.7 | High | 2022-05-02 |
| CVE-2022-23722 | PingFederate Password Reset via Authentication API Mishandling | PingFederate | CWE-288 | 6.5 | - | 2022-05-02 |
| CVE-2021-42001 | PingID Desktop encryption libraries misconfiguration can lead to sensitive data exposure | PingID Desktop | CWE-310 | 8.0 | High | 2022-04-30 |
| CVE-2021-41994 | PingID iOS mobile application prior to 1.19 vulnerable to pre-computed dictionary attacks | PingID Mobile Application | CWE-310 | 6.6 | Medium | 2022-04-30 |
| CVE-2021-41993 | PingID Android mobile application prior to 1.19 vulnerable to pre-computed dictionary attacks | PingID Mobile Application | CWE-310 | 6.6 | Medium | 2022-04-30 |
| CVE-2021-41992 | PingID Windows Login RSA cryptographic weakness with possible offline MFA bypass | PingID Windows Login | CWE-310 | 7.7 | High | 2022-04-30 |
| CVE-2021-42000 | Ping Identity PingFederate Password Reset and Password Change Mishandling with an authentication policy in parallel reset flows | PingFederate | CWE-285 | 5.3 | Medium | 2022-02-10 |
| CVE-2021-40329 | Ping Identity PingFederate cryptographic issue vulnerability | PingFederate | | 9.8 | - | 2021-09-27 |
| CVE-2021-31923 | Ping Identity PingAccess environment issue vulnerability | PingAccess | | 7.5 | - | 2021-09-24 |
| CVE-2021-39270 | Ping Identity RSA SecurID Integration Kit access control error vulnerability | RSA SecurID Integration Kit | | 7.5 | - | 2021-08-18 |

This page lists every published CVE security advisory associated with Ping Identity. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.