Vulnerability Details CVE-2022-23723
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.4%
CVSS Severity
CVSS v3 Score 7.7
CVSS v2 Score 5.0
References
- https://docs.pingidentity.com/bundle/pingfederate-pingone-mfa-ik/page/wpt1599064234202.html
- https://www.pingidentity.com/en/resources/downloads/pingfederate.html
- https://docs.pingidentity.com/bundle/pingfederate-pingone-mfa-ik/page/wpt1599064234202.html
- https://www.pingidentity.com/en/resources/downloads/pingfederate.html
Products affected by CVE-2022-23723
-
cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:1.4
-
cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:1.4.1
-
cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:1.5
-
cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:1.5.1
-
cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:1.5.2