Lucene search

Ping IdentityCVELIST:CVE-2022-23725

HistoryJun 30, 2022 - 7:25 p.m.

CVE-2022-23725 PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances

2022-06-3019:25:46

CWE-522

CWE-288

Ping Identity

www.cve.org

pingid

windows registry

api keys

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "PingID Windows Login",
    "vendor": "Ping Identity",
    "versions": [
      {
        "lessThan": "2.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html

www.pingidentity.com/en/resources/downloads/pingid.html

CVSS3

7.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2022-23725