Description
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes that reference ds-privilege-name values.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
High
User Interaction
Passive
Confidentiality (Vulnerable System)
None
Integrity (Vulnerable System)
None
Availability (Vulnerable System)
Low
Confidentiality (Subsequent System)
High
Integrity (Subsequent System)
High
Availability (Subsequent System)
High
Scope
Physical
AU
Y
R
Unchanged
RE
M
U
Amber
Affected products
- Ping Identity / PingDirectory9.3.0.0 – 9.3.0.8
- Ping Identity / PingDirectory10.1.0.0 – 10.1.0.5
- Ping Identity / PingDirectory10.2.0.0 – 10.2.0.5
- Ping Identity / PingDirectory10.3.0.0 – 10.3.0.3
- Ping Identity / PingDirectory11.0.0.0 – 11.0.0.1
References
- MISChttps://docs.pingidentity.com/pingdirectory/11.0/release_notes/pd_release_notes.html#pingdirectory-suite-of-products-11-0-0-1-march-2026
- MISChttps://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html
- MISChttps://support.pingidentity.com/s/article/SECADV052-Denial-of-Service-via-copying-virtual-attributes