A vulnerability has been found in Ping Identity PingFederate up to 11.0.8/11.1.8/11.2.7/11.3.2 and classified as critical. This vulnerability affects unknown code of the component HTTP POST Request Handler. The manipulation leads to server-side request forgery.

This vulnerability was named CVE-2023-40148. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.