Ping Identity PingFederate before 10.3.1 mishandles pre-parsing validation, leading to an XXE attack that can achieve XML file disclosure.CreditsPing Identity credits An Trinh of Calif. for their responsible disclosure.Referenceshttps://www.pingidentity.com/en/resources/downloads/pingfederate.htmlhttps://docs.pingidentity.com/bundle/pingfederate-103/page/ruz1628492711606.html
