Описание
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.
Ссылки
- Release NotesVendor Advisory
- Vendor Advisory
- Release NotesVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:1.4:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:1.5:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:pingidentity:pingone_mfa_integration_kit:1.5.2:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00199
Низкий
7.7 High
CVSS3
7.7 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-288
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.
EPSS
Процентиль: 42%
0.00199
Низкий
7.7 High
CVSS3
7.7 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-288
CWE-287