Browse all 48 CVE security advisories affecting Ping Identity. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ping Identity operates as an enterprise identity and access management provider, specializing in single sign-on, multi-factor authentication, and API security for hybrid and cloud environments. Its software suite, which manages digital identities and permissions, has historically been associated with forty-eight recorded Common Vulnerabilities and Exposures. These security flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation or insecure direct object references within its web-based administrative interfaces. While the company has not been the subject of a widely publicized, large-scale data breach affecting millions of end-users, the high volume of CVEs indicates persistent challenges in securing its complex authentication infrastructure. These recurring issues highlight the risks inherent in deploying intricate identity governance tools, where misconfigurations or unpatched software components can potentially allow attackers to bypass authentication mechanisms or gain unauthorized administrative access to connected enterprise systems.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-20059 | PingAM Java Policy Agent path traversal (PingAM Java Policy Agent, CWE-23) | 8.8 | - | 2025-02-20 |

This page lists every published CVE security advisory associated with Ping Identity. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.