PT-2026-48819 · Ping Identity · Pingdirectory
Published
2026-06-12
·
Updated
2026-06-12
·
CVE-2026-20746
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:Y/R:U/V:X/RE:M/U:Amber |
Name of the Vulnerable Software and Affected Versions
Ping Identity PingDirectory (affected versions not specified)
Description
Improper virtual attribute handling allows authorized users to exhaust the Java memory heap. This occurs when recent login history is enabled and virtual attributes that reference
ds-privilege-name values are copied.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Memory Leak
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pingdirectory