Ping Identity — Vulnerabilities & Security Advisories (48)

Browse all 48 CVE security advisories affecting Ping Identity. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Ping Identity operates as an enterprise identity and access management provider, specializing in single sign-on, multi-factor authentication, and API security for hybrid and cloud environments. Its software suite, which manages digital identities and permissions, has historically been associated with forty-eight recorded Common Vulnerabilities and Exposures. These security flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation or insecure direct object references within its web-based administrative interfaces. While the company has not been the subject of a widely publicized, large-scale data breach affecting millions of end-users, the high volume of CVEs indicates persistent challenges in securing its complex authentication infrastructure. These recurring issues highlight the risks inherent in deploying intricate identity governance tools, where misconfigurations or unpatched software components can potentially allow attackers to bypass authentication mechanisms or gain unauthorized administrative access to connected enterprise systems.

Found 16 results / 48
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-26862 | PingFederate unexpected browser flow initiation in redirectless mode | PingFederate | CWE-307 | 9.8 (AI) | Critical (AI) | 2025-10-27 |
| CVE-2024-25573 | Stored Cross-Site Scripting in Administrative Console Context | PingFederate | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-06-15 |
| CVE-2025-22854 | Possible thread exhaustion from processing http responses in PingFederate Google Adapter | PingFederate | CWE-394 | 7.5 (AI) | High (AI) | 2025-06-15 |
| CVE-2025-21085 | PingFederate OAuth Grant attribute duplication may use excessive memory | PingFederate | CWE-462 | 7.5 (AI) | High (AI) | 2025-06-15 |
| CVE-2024-21832 | PingFederate REST API Data Store Injection | PingFederate | CWE-94 | 3.5 | Low | 2024-07-09 |
| CVE-2024-22377 | PingFederate Runtime Node Path Traversal | PingFederate | CWE-22 | 5.3 | Medium | 2024-07-09 |
| CVE-2024-22477 | PingFederate OIDC Policy Management Editor Cross-Site Scripting | PingFederate | CWE-79 | 1.8 | Low | 2024-07-09 |
| CVE-2023-40148 | PingFederate Server Side Request Forgery vulnerability | PingFederate | CWE-918 | 6.5 | Medium | 2024-04-10 |
| CVE-2023-40545 | PingFederate OAuth client_secret_jwt Authentication Bypass | PingFederate | CWE-306 | 8.8 | High | 2024-02-06 |
| CVE-2023-34085 | User Attribute Disclosure via DynamoDB Data Stores | PingFederate | CWE-359 | 2.6 | Low | 2023-10-25 |
| CVE-2023-39219 | Admin Console Denial of Service via Java class enumeration | PingFederate | CWE-400 | 7.5 | High | 2023-10-25 |
| CVE-2023-37283 | Authentication Bypass via HTML Form & Identifier First Adapter | PingFederate | CWE-287 | 8.1 | High | 2023-10-25 |
| CVE-2022-40724 | Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint. | PingFederate | CWE-352 | 6.4 | Medium | 2023-04-25 |
| CVE-2022-23722 | PingFederate Password Reset via Authentication API Mishandling | PingFederate | CWE-288 | 6.5 | - | 2022-05-02 |
| CVE-2021-42000 | Ping Identity PingFederate Password Reset and Password Change Mishandling with an authentication policy in parallel reset flows | PingFederate | CWE-285 | 5.3 | Medium | 2022-02-10 |
| CVE-2021-40329 | Ping Identity PingFederate cryptographic issue vulnerability | PingFederate | | 9.8 | - | 2021-09-27 |

This page lists every published CVE security advisory associated with Ping Identity. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.