Skip to main content

Pingid Integration For Windows Login

7 CVEs product

Monthly

CVE-2022-23725 MEDIUM This Month

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pingid Integration For Windows Login
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-23720 HIGH This Week

PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pingid Integration For Windows Login
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-23719 MEDIUM This Month

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. Rated medium severity (CVSS 6.4). No vendor patch available.

Denial Of Service Java Microsoft Pingid Integration For Windows Login
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2022-23718 HIGH This Week

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Pingid Integration For Windows Login
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2022-23717 MEDIUM This Month

PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Pingid Integration For Windows Login
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-23724 HIGH This Week

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pingid Integration For Windows Login
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2020-25826 HIGH POC This Week

PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Pingid Integration For Windows Login
NVD
CVSS 3.1
7.8
EPSS
0.4%
EPSS 0% CVSS 5.5
MEDIUM This Month

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pingid Integration For Windows Login
NVD
EPSS 0% CVSS 8.2
HIGH This Week

PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pingid Integration For Windows Login
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. Rated medium severity (CVSS 6.4). No vendor patch available.

Denial Of Service Java Microsoft +1
NVD
EPSS 2% CVSS 8.1
HIGH This Week

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Pingid Integration For Windows Login
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Pingid Integration For Windows Login
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pingid Integration For Windows Login
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Pingid Integration For Windows Login
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy