CVSS: 9.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20059 – PingAM Java Policy Agent path traversal
https://notcve.org/view.php?id=CVE-2025-20059
20 Feb 2025 — Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9. • https://backstage.forgerock.com/knowledge/advisories/article/a61848355 • CWE-23: Relative Path Traversal •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-25566 – Open Redirect in PingAM
https://notcve.org/view.php?id=CVE-2024-25566
29 Oct 2024 — An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks • https://backstage.forgerock.com/downloads/browse/am/featured • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •