Search criteria
2 vulnerabilities found for PingFederate PingOne MFA Integration Kit by Ping Identity
CVE-2022-23723 (GCVE-0-2022-23723)
Vulnerability from cvelistv5 – Published: 2022-05-02 22:05 – Updated: 2024-08-03 03:51
VLAI?
Title
PingFederate PingOneMFA Integration Kit MFA Bypass
Summary
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.
Severity ?
7.7 (High)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ping Identity | PingFederate PingOne MFA Integration Kit |
Affected:
1.4
Affected: 1.4.1 Affected: 1.5 Affected: 1.5.1 Affected: 1.5.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.pingidentity.com/bundle/pingfederate-pingone-mfa-ik/page/wpt1599064234202.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PingFederate PingOne MFA Integration Kit",
"vendor": "Ping Identity",
"versions": [
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T22:05:14",
"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"shortName": "Ping Identity"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.pingidentity.com/bundle/pingfederate-pingone-mfa-ik/page/wpt1599064234202.html"
}
],
"source": {
"advisory": "SECADV029",
"defect": [
"IK-2982"
],
"discovery": "INTERNAL"
},
"title": "PingFederate PingOneMFA Integration Kit MFA Bypass",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "responsible-disclosure@pingidentity.com",
"ID": "CVE-2022-23723",
"STATE": "PUBLIC",
"TITLE": "PingFederate PingOneMFA Integration Kit MFA Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PingFederate PingOne MFA Integration Kit",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.4",
"version_value": "1.4"
},
{
"version_affected": "=",
"version_name": "1.4.1",
"version_value": "1.4.1"
},
{
"version_affected": "=",
"version_name": "1.5",
"version_value": "1.5"
},
{
"version_affected": "=",
"version_name": "1.5.1",
"version_value": "1.5.1"
},
{
"version_affected": "=",
"version_name": "1.5.2",
"version_value": "1.5.2"
}
]
}
}
]
},
"vendor_name": "Ping Identity"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
"refsource": "MISC",
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
},
{
"name": "https://docs.pingidentity.com/bundle/pingfederate-pingone-mfa-ik/page/wpt1599064234202.html",
"refsource": "MISC",
"url": "https://docs.pingidentity.com/bundle/pingfederate-pingone-mfa-ik/page/wpt1599064234202.html"
}
]
},
"source": {
"advisory": "SECADV029",
"defect": [
"IK-2982"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"assignerShortName": "Ping Identity",
"cveId": "CVE-2022-23723",
"datePublished": "2022-05-02T22:05:15",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23723 (GCVE-0-2022-23723)
Vulnerability from nvd – Published: 2022-05-02 22:05 – Updated: 2024-08-03 03:51
VLAI?
Title
PingFederate PingOneMFA Integration Kit MFA Bypass
Summary
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.
Severity ?
7.7 (High)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ping Identity | PingFederate PingOne MFA Integration Kit |
Affected:
1.4
Affected: 1.4.1 Affected: 1.5 Affected: 1.5.1 Affected: 1.5.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:45.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.pingidentity.com/bundle/pingfederate-pingone-mfa-ik/page/wpt1599064234202.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PingFederate PingOne MFA Integration Kit",
"vendor": "Ping Identity",
"versions": [
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.5.1"
},
{
"status": "affected",
"version": "1.5.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T22:05:14",
"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"shortName": "Ping Identity"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.pingidentity.com/bundle/pingfederate-pingone-mfa-ik/page/wpt1599064234202.html"
}
],
"source": {
"advisory": "SECADV029",
"defect": [
"IK-2982"
],
"discovery": "INTERNAL"
},
"title": "PingFederate PingOneMFA Integration Kit MFA Bypass",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "responsible-disclosure@pingidentity.com",
"ID": "CVE-2022-23723",
"STATE": "PUBLIC",
"TITLE": "PingFederate PingOneMFA Integration Kit MFA Bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PingFederate PingOne MFA Integration Kit",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "1.4",
"version_value": "1.4"
},
{
"version_affected": "=",
"version_name": "1.4.1",
"version_value": "1.4.1"
},
{
"version_affected": "=",
"version_name": "1.5",
"version_value": "1.5"
},
{
"version_affected": "=",
"version_name": "1.5.1",
"version_value": "1.5.1"
},
{
"version_affected": "=",
"version_name": "1.5.2",
"version_value": "1.5.2"
}
]
}
}
]
},
"vendor_name": "Ping Identity"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
"refsource": "MISC",
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
},
{
"name": "https://docs.pingidentity.com/bundle/pingfederate-pingone-mfa-ik/page/wpt1599064234202.html",
"refsource": "MISC",
"url": "https://docs.pingidentity.com/bundle/pingfederate-pingone-mfa-ik/page/wpt1599064234202.html"
}
]
},
"source": {
"advisory": "SECADV029",
"defect": [
"IK-2982"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"assignerShortName": "Ping Identity",
"cveId": "CVE-2022-23723",
"datePublished": "2022-05-02T22:05:15",
"dateReserved": "2022-01-19T00:00:00",
"dateUpdated": "2024-08-03T03:51:45.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}