CNNVD-202506-1838 Information
Jun 15, 2025
cve
CNNVD ID
CNNVD-202506-1838
Related CVE
- CNNVD Published: 2025-06-15
Description (Chinese)
Ping Identity PingFederate是美国Ping Identity公司的一个基于软件的旗舰联合服务器。用于身份管理。 Ping Identity PingFederate存在安全漏洞,该漏洞源于未清理用户提供的数据,可能导致执行JavaScript代码。
Description (English)
Ping Identity PingFederate is a software-based combined server for Ping Identity. For identity management. There is a security loophole in Ping Infrastructure PingFederate, which stems from uncleaned data provided by users and may lead to the implementation of JavaScript code.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Ping Identity
Published
2025-06-15
Last Modified
2026-02-24
References
https://www.pingidentity.com/en/resources/downloads/pingfederate.html https://docs.pingidentity.com/pingfederate/12.1/release_notes/pf_release_notes.html https://access.redhat.com/security/cve/cve-2024-25573
Patch
https://www.pingidentity.com/en/resources/downloads/pingfederate.html
Share on: