CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-23724

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.4%

CVSS Severity

CVSS v3 Score 6.4

CVSS v2 Score 5.5

References

Products affected by CVE-2022-23724

Pingidentity » Pingid Integration For Windows Login » Version: N/A

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:-
Pingidentity » Pingid Integration For Windows Login » Version: 1.0

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:1.0
Pingidentity » Pingid Integration For Windows Login » Version: 1.2

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:1.2
Pingidentity » Pingid Integration For Windows Login » Version: 1.3

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:1.3
Pingidentity » Pingid Integration For Windows Login » Version: 2.0

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.0
Pingidentity » Pingid Integration For Windows Login » Version: 2.1

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.1
Pingidentity » Pingid Integration For Windows Login » Version: 2.2

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.2
Pingidentity » Pingid Integration For Windows Login » Version: 2.3

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.3
Pingidentity » Pingid Integration For Windows Login » Version: 2.3.1

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:2.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-23724

Products

Pricing

Contact Us