Lucene search

[email protected]CVE-2022-40725

HistoryApr 25, 2023 - 7:15 p.m.

CVE-2022-40725

2023-04-2519:15:10

CWE-306

CWE-288

[email protected]

web.nvd.nist.gov

cve-2022-40725

pingid desktop

vulnerability

pin lockout

security issue

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.

Affected configurations

NVD

Node

pingidentitydesktopRange<1.7.4

CPENameOperatorVersion
pingidentity:desktoppingidentity desktoplt1.7.4

CPE	Name	Operator	Version
pingidentity:desktop	pingidentity desktop	lt	1.7.4

CNA Affected

[
  {
    "vendor": "Ping Identity",
    "product": "PingID Desktop for Windows",
    "versions": [
      {
        "version": "1.7.4",
        "status": "affected",
        "lessThan": "1.7.4",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "Ping Identity",
    "product": "PingID Desktop for macOS",
    "versions": [
      {
        "version": "1.7.4",
        "status": "affected",
        "lessThan": "1.7.4",
        "versionType": "custom"
      }
    ]
  }
]

References

docs.pingidentity.com/r/en-us/pingid/desktop_app_1.7.4

7.3 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2022-40725

prion1 nvd1 cvelist1