CVE-2023-39219 HIGH

CVE-2023-39219: Admin Console Denial of Service via Java class enumeration

Vendor Ping Identity

Product PingFederate

Weakness CWE-400

Published October 25, 2023

Last update June 12, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

Description

PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests

Key dates

Disclosure timeline

October 25, 2023 CVE published

June 12, 2025 Record updated

Identifiers

CVE CVE-2023-39219

CWE CWE-400

CVSS 7.5 / HIGH

Affected versions

Vendor Ping Identity

Product PingFederate

Affected ≥ 11.3 and ≤ 11.3.0

Vendor Ping Identity

Product PingFederate

Affected ≥ 11.2.0 and ≤ 11.2.6

Vendor Ping Identity

Product PingFederate

Affected ≥ 11.1.0 and ≤ 11.1.7

Vendor Ping Identity

Product PingFederate

Affected ≥ 10.3.0 and ≤ 10.3.12