Approved changes feed: RSS · Atom
cpe:2.3:a:ping_identity:pingidm:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Ping Identity (6d158c0c-35d7-577e-9df0-1f89137d9677) |
|---|---|
| Product | Pingidm (5da24f74-d5c7-55b4-a00b-fd4d9679f138) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-20628 |
vulnerable | 2026-06-03 14:59:14.822667 |
Insufficient granularity of access control for Remote Connector Servers in client mode
An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector Servers (RCS) running in client mode. This means attackers can spoof a client-mode RCS (if one exists) to intercept and/or modify an identity’s security-relevant properties, such as passwords and account recovery information. This issue is exploitable only when an RCS is configured to run in client mode.
Published: 2026-04-07T22:33:05.356Z
Updated: 2026-04-08T15:16:29.865Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23600 |
vulnerable | 2026-06-03 14:55:04.131671 |
PingIDM Query Filter Vulnerability
LOW (2.7)
Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure.
Published: 2024-08-01T16:55:22.291Z
Updated: 2024-10-31T19:02:23.103Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.