PingOne MFA Integration Kit
by Pingidentity
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-40356 | Hig | 0.57 | — | 0.00 | Jul 9, 2024 | PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from… | ||
| CVE-2023-40702 | Hig | 0.50 | — | 0.00 | Jul 9, 2024 | PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability… | ||
| CVE-2023-39231 | 0.00 | — | 0.01 | Oct 24, 2023 | PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of… | |||
| CVE-2022-23723 | 0.00 | — | 0.01 | May 2, 2022 | An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. |
- risk 0.57cvss —epss 0.00
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from…
- risk 0.50cvss —epss 0.00
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability…
- CVE-2023-39231Oct 24, 2023risk 0.00cvss —epss 0.01
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of…
- CVE-2022-23723May 2, 2022risk 0.00cvss —epss 0.01
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.