CVE-2022-23719

high

ForgeRock

CVSS v3 Base Score

7.2

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Attack Characteristics

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

High

Published: June 30, 2022 (1414 days ago)

Last Modified: November 21, 2024

Vendor: ForgeRock

Source: NVD

Description

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication.

References

🔗 docs.pingidentity.com 🔗 www.pingidentity.com 🔗 docs.pingidentity.com 🔗 www.pingidentity.com

CVE-2022-23719

Vulnerability Report

Description

References