Pingidentity Pingfederate 11.3.0
Approved changes feed: RSS · Atom
cpe:2.3:a:pingidentity:pingfederate:11.3.0:*:*:*:*:*:*:*
part: a version: 11.3.0 update: *
| Vendor | Pingidentity (f56e02bf-5fbe-54aa-9dfd-2b764962bd7c) |
|---|---|
| Product | Pingfederate (a526eb7e-24df-5707-978d-39838877022a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/pingidentity/pingfederate |
purl2cpe | 2026-06-01 10:12:01.780880 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-22377 |
vulnerable | 2026-06-03 14:55:00.559316 |
PingFederate Runtime Node Path Traversal
MEDIUM (5.3)
The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.
Published: 2024-07-09T23:03:27.722Z
Updated: 2024-08-01T22:43:34.512Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40545 |
vulnerable | 2026-06-03 14:52:49.925929 |
PingFederate OAuth client_secret_jwt Authentication Bypass
HIGH (8.8)
Authentication bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.
Published: 2024-02-06T17:27:42.361Z
Updated: 2024-08-22T16:53:12.079Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40148 |
vulnerable | 2026-06-03 14:52:42.596290 |
PingFederate Server Side Request Forgery vulnerability
MEDIUM (6.5)
Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests.
Published: 2024-04-10T00:03:31.966Z
Updated: 2024-08-12T15:09:02.174Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39219 |
vulnerable | 2026-06-03 14:52:37.949009 |
Admin Console Denial of Service via Java class enumeration
HIGH (7.5)
PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests
Published: 2023-10-25T01:44:44.362Z
Updated: 2025-06-12T14:58:40.168Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-37283 |
vulnerable | 2026-06-03 14:52:28.669976 |
Authentication Bypass via HTML Form & Identifier First Adapter
HIGH (8.1)
Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter
Published: 2023-10-25T01:24:47.780Z
Updated: 2024-08-02T17:09:34.014Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.