cvedb.io
CVE-2021-42000
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2022-02-10T23:15:07.883 · Last modified 2026-06-17T04:09:08.090

Summary

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password.

Affected products

pingidentity — pingfederate

Does this affect you?

Add your gear to cvedb and we'll alert you only when pingidentity ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.