CVE-2022-23723 — HIGH (7.7)

Vulnerability Description

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.

CVSS Score

7.7

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Pingidentity	Pingone Mfa Integration Kit	1.4

Related Weaknesses (CWE)

CWE-287 CWE-288

References

https://docs.pingidentity.com/bundle/pingfederate-pingone-mfa-ik/page/wpt1599064Release NotesVendor Advisory
https://www.pingidentity.com/en/resources/downloads/pingfederate.htmlVendor Advisory
https://docs.pingidentity.com/bundle/pingfederate-pingone-mfa-ik/page/wpt1599064Release NotesVendor Advisory
https://www.pingidentity.com/en/resources/downloads/pingfederate.htmlVendor Advisory

FAQ

What is CVE-2022-23723?

CVE-2022-23723 is a vulnerability with a CVSS score of 7.7 (HIGH). An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.

How severe is CVE-2022-23723?

CVE-2022-23723 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-23723?

Check the references section above for vendor advisories and patch information. Affected products include: Pingidentity Pingone Mfa Integration Kit.