CVE-2022-23718

EPSS 1.59%
Veröffentlicht 30.06.2022 20:15:08
Zuletzt bearbeitet 21.11.2024 06:49:10
Quelle responsible-disclosure@pingide
CVE-Watchlists
Login
Unerledigt
Login

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pingidentity ≫ Pingid Integration For Windows Login Version < 2.8

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.59%	0.724

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
responsible-disclosure@pingidentity.com	7.6	1	6	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://www.pingidentity.com/en/resources/downloads/pingid.html

Vendor Advisory

Product

https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2022-23718

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-23718

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-23718

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-23718