cvelist/2022/23xxx/CVE-2022-23722.json
2022-05-02 16:39:06 -05:00

102 lines
4.0 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"CVE_data_meta": {
"ASSIGNER": "responsible-disclosure@pingidentity.com",
"ID": "CVE-2022-23722",
"STATE": "PUBLIC",
"TITLE": "PingFederate Password Reset via Authentication API Mishandling"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PingFederate",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "11.0",
"version_value": "11.0"
},
{
"version_affected": "<=",
"version_name": "10.3",
"version_value": "10.3.4"
},
{
"version_affected": "<=",
"version_name": "10.2",
"version_value": "10.2.7"
},
{
"version_affected": "<=",
"version_name": "10.1",
"version_value": "10.1.9"
},
{
"version_affected": "<=",
"version_name": "10.0",
"version_value": "10.0.12"
},
{
"version_affected": "<=",
"version_name": "9.3",
"version_value": "9.3.3P16"
}
]
}
}
]
},
"vendor_name": "Ping Identity"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing users password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html",
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"
},
{
"refsource": "MISC",
"name": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html",
"url": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html"
}
]
},
"source": {
"advisory": "SECBL021",
"defect": [
"PF-30450"
],
"discovery": "INTERNAL"
}
}