CVE-2022-23723 HIGH

CVE-2022-23723: PingFederate PingOne MFA Integration Kit MFA Bypass

Vendor: Ping Identity
Product: PingFederate PingOne MFA Integration Kit
Weakness: CWE-288
Published: May 2, 2022
Last update: August 3, 2024

CVSS base score

7.7/10
Attack vector: Network
Attack complexity: High
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01 Description

An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.

Key dates

02 Disclosure timeline

May 2, 2022: CVE published
August 3, 2024: Record updated