PingFederate Excessive Memory Utilization Vulnerability Due to OAuth2 Grant Duplication in PostgreSQL Storage

Vulnerability

A vulnerability in PingFederate allows excessive memory usage caused by duplicated OAuth2 grants in the PostgreSQL persistent storage. The issue arises from the way OAuth2 requests are handled: duplicate grant records accumulate in the persistent store, and processing them drives memory consumption well beyond what the number of distinct grants would require.
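
A check a practitioner can run while investigating is to measure how far grant rows in the persistent store exceed the number of distinct grants. The script below is an added example written for this page, not code from Ping Identity or from PingFederate. The PingFederate grant-table schema is not described here, so the column names client_id, user_key and scope, the table name oauth_grants in the query string, and the sample rows are all assumptions constructed for illustration; substitute the real column names from your deployment.

```python
from collections import Counter
from typing import Dict, Iterable, Mapping, Tuple

# Hypothetical key identifying "the same grant": one client, one user, one
# scope set. The real PingFederate schema is not given on this page; these
# column names are assumptions for illustration only.
GrantKey = Tuple[str, str, str]

# Assumed query (table and column names are hypothetical) that would feed
# rows into the functions below in a live check.
DUPLICATE_GRANT_SQL = """
SELECT client_id, user_key, scope, COUNT(*) AS n
FROM oauth_grants
GROUP BY client_id, user_key, scope
HAVING COUNT(*) > 1
ORDER BY n DESC;
"""

# Constructed sample rows standing in for the result of
# SELECT client_id, user_key, scope FROM oauth_grants.
SAMPLE_ROWS = [
    {"client_id": "client-a", "user_key": "alice", "scope": "openid profile"},
    {"client_id": "client-a", "user_key": "alice", "scope": "openid profile"},
    {"client_id": "client-a", "user_key": "alice", "scope": "openid profile"},
    {"client_id": "client-a", "user_key": "bob",   "scope": "openid"},
    {"client_id": "client-b", "user_key": "alice", "scope": "openid"},
]


def grant_key(row: Mapping[str, str]) -> GrantKey:
    """Reduce a stored grant row to the tuple that should be unique."""
    return (row["client_id"], row["user_key"], row["scope"])


def count_grants(rows: Iterable[Mapping[str, str]]) -> Counter:
    """Count stored rows per logical grant."""
    return Counter(grant_key(r) for r in rows)


def find_duplicate_grants(rows: Iterable[Mapping[str, str]]) -> Dict[GrantKey, int]:
    """Return only the grants that are stored more than once, with their row counts."""
    return {key: n for key, n in count_grants(rows).items() if n > 1}


def duplication_ratio(rows: Iterable[Mapping[str, str]]) -> float:
    """Stored rows divided by distinct grants; 1.0 means no duplication at all."""
    counts = count_grants(rows)
    if not counts:
        return 1.0
    return sum(counts.values()) / len(counts)


def exceeds_threshold(rows: Iterable[Mapping[str, str]], max_ratio: float = 1.5) -> bool:
    """True when duplication is high enough to warrant investigation.

    The 1.5 default is an arbitrary starting point for an alert, not a
    value taken from the advisory; tune it against a healthy baseline.
    """
    return duplication_ratio(rows) > max_ratio


if __name__ == "__main__":
    rows = list(SAMPLE_ROWS)
    for key, n in find_duplicate_grants(rows).items():
        print(f"{n} stored copies of grant client={key[0]} user={key[1]} scope={key[2]!r}")
    print(f"duplication ratio: {duplication_ratio(rows):.2f}")
    print("investigate" if exceeds_threshold(rows) else "within baseline")
```

Run the grouping query against the live store and feed its rows to find_duplicate_grants to see which grants are multiplied; track duplication_ratio over time alongside JVM heap usage, since a ratio that climbs after patching suggests the maintenance release has not been applied to every node.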

Impact

Excessive memory consumption on the PingFederate server, which can lead to a denial-of-service condition as available system resources are exhausted.

Remediation

Users running PingFederate 12.2 should update their existing environment to the latest maintenance release. Instructions for downloading the latest version or performing an in-place update are available on the Ping Identity website.

Added: Jun 15, 2025, 3:19 PM
Updated: Jun 15, 2025, 3:19 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 5.7
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.