Ping Identity PingFederate 11.0.0

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:pingidentity:pingfederate:11.0.0:*:*:*:*:*:*:*

part: a version: 11.0.0 update: *

VendorPingidentity (f56e02bf-5fbe-54aa-9dfd-2b764962bd7c)
ProductPingfederate (a526eb7e-24df-5707-978d-39838877022a)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:docker/pingidentity/pingfederate purl2cpe 2026-06-01 10:12:01.768015

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-22377 vulnerable 2026-06-03 14:55:00.557014 PingFederate Runtime Node Path Traversal
MEDIUM (5.3)
The deploy directory in PingFederate runtime nodes is reachable to unauthorized users.
Published: 2024-07-09T23:03:27.722Z
Updated: 2024-08-01T22:43:34.512Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-40148 vulnerable 2026-06-03 14:52:42.594912 PingFederate Server Side Request Forgery vulnerability
MEDIUM (6.5)
Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests.
Published: 2024-04-10T00:03:31.966Z
Updated: 2024-08-12T15:09:02.174Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-23722 vulnerable 2026-06-03 14:46:28.160751 PingFederate Password Reset via Authentication API Mishandling
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password.
Published: 2022-05-02T22:05:13.000Z
Updated: 2024-08-03T03:51:46.174Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.