CVE-2021-40329

Summary

The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.

Affected Software

VendorProductVersion RangeStatus
Ping IdentityPingFederate9.2.3affected
Ping IdentityPingFederate9.3.3affected
Ping IdentityPingFederate10.0.9affected
Ping IdentityPingFederate10.1.6affected
Ping IdentityPingFederate10.2.3affected

Weaknesses

  • Incorrect Access Control

ADP Enrichment

CVE Program Container

Additional References

References