CVE-2021-42001

high

ForgeRock

CVSS v3 Base Score

8.0

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: April 30, 2022 (1475 days ago)

Last Modified: November 21, 2024

Vendor: ForgeRock

Source: NVD

Description

PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.

References

🔗 docs.pingidentity.com 🔗 www.pingidentity.com 🔗 docs.pingidentity.com 🔗 www.pingidentity.com

CVE-2021-42001

Vulnerability Report

Description

References