CVE-2022-40724
published 2023-04-25

CVE-2022-40724: The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests.

Priority: P3 (35)
CVSS 3.1 base score: 8.8 (High)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (network, low complexity, no privileges required, user interaction required, scope unchanged, high confidentiality/integrity/availability impact)
EPSS: 0.18% (7.8th percentile)
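The description names the vulnerable path and the vector (a state-changing GET that a cross-site page can trigger). A first triage step while upgrading is to look back through access logs for GETs to that path whose Referer origin is not the PingFederate origin. The script below is an added example for this page, not Ping Identity code and not part of the CVE record: only the path /pf/idprofile.ping comes from the description; the combined log format, the origin https://sso.example.com, the query string "x=1" and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The endpoint path comes from the CVE description. The log format, the origin
# below, the query string and the sample lines are constructed for this example.
TARGET_PATH = "/pf/idprofile.ping"
EXPECTED_ORIGIN = "https://sso.example.com"  # assumed PingFederate base URL

# Combined log format: client ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def origin_of(url):
    """(scheme, host, port) of a URL with default ports filled in, or None if unparsable."""
    u = urlsplit(url)
    if not u.scheme or not u.hostname:
        return None
    port = u.port or {"https": 443, "http": 80}.get(u.scheme.lower())
    return (u.scheme.lower(), u.hostname.lower(), port)


def classify_referer(referer, expected_origin=EXPECTED_ORIGIN):
    """'same-origin', 'cross-site', or 'unknown' when the Referer is absent or unparsable.

    A missing Referer is deliberately not treated as benign: Referrer-Policy or
    privacy tooling strips it, and a lure page can be served with no-referrer.
    """
    if not referer or referer == "-":
        return "unknown"
    ref = origin_of(referer)
    if ref is None:
        return "unknown"
    return "same-origin" if ref == origin_of(expected_origin) else "cross-site"


def triage(log_lines, expected_origin=EXPECTED_ORIGIN):
    """Return (client, request target, verdict) for every GET whose path is TARGET_PATH.

    Only GET is considered because the CVE concerns state change reachable through a
    crafted GET; the query string is ignored when matching the path.
    """
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        if urlsplit(m["target"]).path != TARGET_PATH:
            continue
        findings.append((m["client"], m["target"],
                         classify_referer(m["referer"], expected_origin)))
    return findings


# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - - [25/Apr/2023:10:00:01 +0000] "GET /pf/idprofile.ping?x=1 HTTP/1.1" 200 512 '
    '"https://sso.example.com/pf/idprofile.ping" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Apr/2023:10:00:05 +0000] "GET /pf/idprofile.ping?x=1 HTTP/1.1" 200 512 '
    '"https://attacker.example/lure.html" "Mozilla/5.0"',
    '198.51.100.8 - - [25/Apr/2023:10:00:09 +0000] "GET /pf/idprofile.ping HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0"',
    '203.0.113.11 - - [25/Apr/2023:10:00:12 +0000] "POST /pf/idprofile.ping HTTP/1.1" 200 512 '
    '"https://attacker.example/lure.html" "Mozilla/5.0"',
    '203.0.113.12 - - [25/Apr/2023:10:00:15 +0000] "GET /pf/other.ping HTTP/1.1" 200 512 '
    '"https://attacker.example/lure.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, target, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:12} {client:15} GET {target}")
```

Treat "cross-site" hits as leads, not proof, and do not discard "unknown" ones: standard access logs carry no Sec-Fetch-Site header, so a request with no Referer is indistinguishable from a lure served with a no-referrer policy. A same-origin Referer on a GET to this path is what legitimate use of the profile page should look like.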

Affected

12 ranges

Vendor         Product       Version range          Fixed in
ping_identity  pingfederate  >= 10.3.0 < 10.3.0*    10.3.0*
ping_identity  pingfederate  10.3.11 – 10.3.11
ping_identity  pingfederate  >= 11.0.0 < 11.0.0*    11.0.0*
ping_identity  pingfederate  11.0.6 – 11.0.6
ping_identity  pingfederate  >= 11.1.0 < 11.1.0*    11.1.0*
ping_identity  pingfederate  11.1.5 – 11.1.5
ping_identity  pingfederate  >= 11.2.0 < 11.2.0*    11.2.0*
ping_identity  pingfederate  11.2.2 – 11.2.2
pingidentity   pingfederate  10.3.0 – 10.3.11
pingidentity   pingfederate  11.0.0 – 11.0.6
pingidentity   pingfederate  11.1.0 – 11.1.5
pingidentity   pingfederate  11.2.0 – 11.2.2
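The table above lists four affected minor branches of PingFederate, each with a single-version row (10.3.11, 11.0.6, 11.1.5, 11.2.2). The checker below is an added example, not part of this record or of any Ping Identity tooling; it reads those single-version rows as the first fixed release in each branch and the "10.3.0 – 10.3.11" style rows as "from the branch start up to, but excluding, that fix". That reading is an assumption about the table; confirm it against the vendor advisory before relying on the result. Versions in a branch the table does not mention are reported as "unknown" rather than "fixed", because this page says nothing about them.

```python
import re

# Transcribed from the Affected table above: (first affected, first fixed) per branch.
# Assumption: the x.y.z – x.y.z rows name the first fixed release of each branch.
AFFECTED_BRANCHES = [
    ("10.3.0", "10.3.11"),
    ("11.0.0", "11.0.6"),
    ("11.1.0", "11.1.5"),
    ("11.2.0", "11.2.2"),
]


def parse_version(text):
    """Parse a dotted release string into a comparable tuple padded to three parts.

    '11.1.5' -> (11, 1, 5); '11.2' -> (11, 2, 0); '10.3.10.1' -> (10, 3, 10, 1).
    Anything after the leading dotted digits (e.g. a build tag) is ignored.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def assess(version):
    """Return 'affected', 'fixed' or 'unknown' for a PingFederate version string.

    'unknown' covers minor branches the table does not list (there is no basis
    on this page to call them safe) and versions below a listed branch's start.
    """
    v = parse_version(version)
    for start, fixed in AFFECTED_BRANCHES:
        start_t, fixed_t = parse_version(start), parse_version(fixed)
        if v[:2] != start_t[:2]:
            continue  # different minor branch
        if start_t <= v < fixed_t:
            return "affected"
        if v >= fixed_t:
            return "fixed"
        return "unknown"
    return "unknown"


if __name__ == "__main__":
    for candidate in ["10.3.10", "10.3.11", "11.1.4", "11.2.2", "11.3.0", "10.2.9"]:
        print(f"{candidate:10} {assess(candidate)}")
```

Patch builds such as "10.3.10.1" compare as greater than "10.3.10" and still below "10.3.11", so they are reported as affected; that matches the table's ranges but is worth keeping in mind if a vendor hotfix lands under an unusual version string.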