CVE-2021-41770

CVE-2021-41770

EPSS 1.0%

Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.pingidentity.com/bundle/pingfederate-103/page/ruz1628492711606.html https://www.pingidentity.com/en/resources/downloads/pingfederate.html