| CVE-2024-25566 | medium | 6.1 | An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper valid… | Oct 29, 2024 | Nov 8, 2024 |
| CVE-2024-22477 | low | 1.8 | A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor. The … | Jul 9, 2024 | Nov 21, 2024 |
| CVE-2024-22377 | medium | 5.3 | The deploy directory in PingFederate runtime nodes is reachable to unauthorized users. | Jul 9, 2024 | Nov 21, 2024 |
| CVE-2023-0582 | high | 8.1 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Forg… | Mar 27, 2024 | Apr 14, 2025 |
| CVE-2023-40545 | high | 8.8 | Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method … | Feb 6, 2024 | Nov 21, 2024 |
| CVE-2023-36496 | high | 7.7 | Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated u… | Feb 1, 2024 | Nov 21, 2024 |
| CVE-2023-39930 | high | 7.5 | A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV… | Oct 25, 2023 | Nov 21, 2024 |
| CVE-2023-39231 | high | 7.3 | PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring se… | Oct 25, 2023 | Nov 21, 2024 |
| CVE-2023-39219 | high | 7.5 | PingFederate Administrative Console dependency contains a weakness where console becomes unresponsiv… | Oct 25, 2023 | Nov 21, 2024 |
| CVE-2023-37283 | high | 8.1 | Under a very specific and highly unrecommended configuration, authentication bypass is possible in t… | Oct 25, 2023 | Nov 21, 2024 |
| CVE-2023-34085 | low | 2.6 | When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attrib… | Oct 25, 2023 | Nov 21, 2024 |
| CVE-2022-40725 | high | 7.3 | PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be explo… | Apr 25, 2023 | Nov 21, 2024 |
| CVE-2022-40724 | medium | 6.4 | The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site R… | Apr 25, 2023 | Nov 21, 2024 |
| CVE-2022-40723 | medium | 6.5 | The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA… | Apr 25, 2023 | Nov 21, 2024 |
| CVE-2022-40722 | high | 7.7 | A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offl… | Apr 25, 2023 | Nov 21, 2024 |
| CVE-2022-23721 | low | 3.8 | PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lea… | Apr 25, 2023 | Nov 21, 2024 |
| CVE-2022-3748 | critical | 9.8 | Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypas… | Apr 14, 2023 | Nov 21, 2024 |
| CVE-2018-25084 | low | 3.5 | A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service A… | Apr 10, 2023 | Nov 21, 2024 |
| CVE-2023-1656 | high | 7.5 | Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Rem… | Mar 29, 2023 | Apr 14, 2025 |
| CVE-2023-0511 | critical | 9.1 | Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authen… | Feb 28, 2023 | Apr 14, 2025 |
| CVE-2023-0339 | critical | 9.1 | Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authent… | Feb 28, 2023 | Apr 14, 2025 |
| CVE-2022-24670 | high | 7.1 | An attacker can use the unrestricted LDAP queries to determine configuration entries | Oct 27, 2022 | Nov 21, 2024 |
| CVE-2022-24669 | medium | 6.5 | It may be possible to gain some details of the deployment through a well-crafted attack. This may al… | Oct 27, 2022 | Nov 21, 2024 |
| CVE-2022-23726 | medium | 5.4 | PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with admini… | Sep 30, 2022 | Nov 21, 2024 |
| CVE-2022-0143 | critical | 9.3 | When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This… | Sep 19, 2022 | Nov 21, 2024 |
