CNNVD-202506-1835 Information
CNNVD ID
CNNVD-202506-1835
Related CVE
- CNNVD Published: 2025-06-15
Description (Chinese)
Ping Identity PingFederate是美国Ping Identity公司的一个基于软件的旗舰联合服务器。用于身份管理。 Ping Identity PingFederate存在安全漏洞,该漏洞源于PostgreSQL持久存储中的OAuth2授权重复,可能导致内存利用率过高。
Description (English)
Ping Identity PingFederate is a software-based combined server for Ping Identity. For identity management. There is a security loophole in Ping Infrastructure PingFederate, which stems from OAuth2 authorization duplication in the permanent storage of PostgreSQL, which may lead to overutilization of memory.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Ping Identity
Published
2025-06-15
Last Modified
2026-02-24
References
https://support.pingidentity.com/s/article/PingFederate-grant-attribute-duplication-with-PostgreSQL https://www.pingidentity.com/en/resources/downloads/pingfederate.html https://access.redhat.com/security/cve/cve-2025-21085
Patch
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
Share on: