Vulnerability Details CVE-2022-23718
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.6%
CVSS Severity
CVSS v3 Score 7.6
CVSS v2 Score 9.3
References
Products affected by CVE-2022-23718
-
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:-
-
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:1.0
-
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:1.2
-
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:1.3
-
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.0
-
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.1
-
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.2
-
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.3
-
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.3.1
-
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.4.2
-
cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.7