Описание
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.
Ссылки
- Release NotesVendor Advisory
- Patch
- Release NotesVendor Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.3 (исключая)Версия до 1.7.3 (исключая)
Одно из
cpe:2.3:a:pingidentity:pingid_desktop:*:*:*:*:*:mac_os_x:*:*
cpe:2.3:a:pingidentity:pingid_desktop:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 44%
0.00218
Низкий
8 High
CVSS3
9.9 Critical
CVSS3
4 Medium
CVSS2
Дефекты
CWE-310
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.
EPSS
Процентиль: 44%
0.00218
Низкий
8 High
CVSS3
9.9 Critical
CVSS3
4 Medium
CVSS2
Дефекты
CWE-310
NVD-CWE-noinfo