Ping Identity PingFederate 9.3.3 Patch 15
Approved changes feed: RSS · Atom
cpe:2.3:a:pingidentity:pingfederate:9.3.3:p15:*:*:*:*:*:*
part: a version: 9.3.3 update: p15
| Vendor | Pingidentity (f56e02bf-5fbe-54aa-9dfd-2b764962bd7c) |
|---|---|
| Product | Pingfederate (a526eb7e-24df-5707-978d-39838877022a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/pingidentity/pingfederate |
purl2cpe | 2026-06-01 10:12:01.780893 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-23722 |
vulnerable | 2026-06-03 14:46:28.160229 |
PingFederate Password Reset via Authentication API Mishandling
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password.
Published: 2022-05-02T22:05:13.000Z
Updated: 2024-08-03T03:51:46.174Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-42000 |
vulnerable | 2026-06-03 14:45:26.489094 |
Ping Identity PingFederate Password Reset and Password Change Mishandling with an authentication policy in parallel reset flows
MEDIUM (5.3)
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password.
Published: 2022-02-10T22:30:11.000Z
Updated: 2024-08-04T03:22:25.779Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.