Lucene search

[email protected]NVD:CVE-2022-23725

HistoryJun 30, 2022 - 8:15 p.m.

CVE-2022-23725

2022-06-3020:15:08

CWE-288

CWE-732

CWE-522

[email protected]

web.nvd.nist.gov

pingid windows login

cve-2022-23725

permissions

registry

api keys

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

Affected configurations

Nvd

Node

pingidentitypingid_integration_for_windows_loginRange<2.8

VendorProductVersionCPE
pingidentitypingid_integration_for_windows_login*cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pingidentity	pingid_integration_for_windows_login	*	cpe:2.3:a:pingidentity:pingid_integration_for_windows_login::::::::

References

docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html

www.pingidentity.com/en/resources/downloads/pingid.html

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2022-23725

cve1 prion1 cvelist1