Vulnerabilities (CVE)

Filtered by vendor Pingidentity Subscribe

Filtered by product Pingfederate

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-23722	1 Pingidentity	1 Pingfederate	2022-05-10	3.5 LOW	6.5 MEDIUM
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing userâ€™s password.
CVE-2021-42000	1 Pingidentity	1 Pingfederate	2022-02-17	3.5 LOW	6.5 MEDIUM
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password.