CVE-2021-39270
7.5 HIGHIn Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur
Published: 2021-08-18 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- CWE
- CWE-346
Affected products
| Vendor | Product |
|---|---|
| pingidentity | rsa_securid_integration_kit |
Description
In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-39270
- [Other]https://docs.pingidentity.com/bundle/integrations/page/yqq1563995045546.html
- [Other]https://www.pingidentity.com/en/resources/downloads/pingfederate.html
- [Other]https://docs.pingidentity.com/bundle/integrations/page/yqq1563995045546.html
- [Other]https://www.pingidentity.com/en/resources/downloads/pingfederate.html
Related CVEs
Same vendor
- CVE-2021-41770 — Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure (7.5 HIGH)
- CVE-2021-40329 — The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management (9.8 CRITICAL)
Same CWE
- CVE-2026-12304 — Same-origin policy bypass in the Networking: Cookies component (9.1 CRITICAL)
- CVE-2026-47825 — Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios (8.6 HIGH)
- CVE-2026-9595 — Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g (5.3 MEDIUM)
- CVE-2026-11624 — The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent...
- CVE-2026-45173 — Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its...