CVE-2021-41770

CVE-2021-41770

EPSS 1.0%

Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://docs.pingidentity.com/bundle/pingfederate-103/page/ruz1628492711606.html https://www.pingidentity.com/en/resources/downloads/pingfederate.html