Lucene search

[email protected]NVD:CVE-2022-40725

HistoryApr 25, 2023 - 7:15 p.m.

CVE-2022-40725

2023-04-2519:15:10

CWE-306

CWE-288

[email protected]

web.nvd.nist.gov

cve-2022-40725

pingid

desktop

vulnerability

bypass

pin lockout

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.

Affected configurations

NVD

Node

pingidentitydesktopRange<1.7.4

References

docs.pingidentity.com/r/en-us/pingid/desktop_app_1.7.4

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2022-40725

cve1 cvelist1 prion1