
CVE-2021-31923
https://notcve.org/view.php?id=CVE-2021-31923
24 Sep 2021 — Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation. • https://docs.pingidentity.com/bundle/pingaccess-53/page/wco1629833104567.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVE-2021-39270
https://notcve.org/view.php?id=CVE-2021-39270
18 Aug 2021 — In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur. • https://docs.pingidentity.com/bundle/integrations/page/yqq1563995045546.html • CWE-346: Origin Validation Error

CVE-2020-25826
https://notcve.org/view.php?id=CVE-2020-25826
23 Sep 2020 — PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. • https://docs.pingidentity.com/bundle/pingid/page/xqz1597139945488.html • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2020-10654
https://notcve.org/view.php?id=CVE-2020-10654
13 May 2020 — Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. • https://docs.pingidentity.com/bundle/pingid/page/hmc1587998527490.html • CWE-787: Out-of-bounds Write

CVE-2019-13564 – Ping Identity Agentless Integration Kit Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-13564
11 Jul 2019 — XSS exists in Ping Identity Agentless Integration Kit before 1.5. Ping Identity Agentless Integration Kit versions prior to 1.5 suffer from a cross site scripting vulnerability. • https://packetstorm.news/files/id/154274 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2018-1000134 – unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class
https://notcve.org/view.php?id=CVE-2018-1000134
16 Mar 2018 — UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty password when running in synchronous mode. commit with applied fix https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd that can result in Abil... • http://www.securityfocus.com/bid/103458 • CWE-284: Improper Access Control • CWE-521: Weak Password Requirements

CVE-2014-8489 – PingFederate 6.10.1 SP Endpoints Open Redirect
https://notcve.org/view.php?id=CVE-2014-8489
09 Dec 2014 — Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the TargetResource parameter. PingFe... • https://packetstorm.news/files/id/129454