{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T18:34:06.379","vulnerabilities":[{"cve":{"id":"CVE-2022-23720","sourceIdentifier":"responsible-disclosure@pingidentity.com","published":"2022-06-30T20:15:08.377","lastModified":"2024-11-21T06:49:10.640","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints."},{"lang":"es","value":"PingID Windows Login versiones anteriores a 2.8, no alerta o detiene la operación si ha sido provisto con el archivo de propiedades de PingID con todos los permisos. Un administrador de TI podría desplegar por error credenciales de API PingID con privilegios de administrador, como los usados típicamente por PingFederate, en los endpoints de usuario de PingID Windows Login. El uso de un archivo de propiedades de permisos completos confidenciales fuera de un límite confiable privilegiado conlleva a un mayor riesgo de exposición o detección, y un atacante podría aprovechar estas credenciales para llevar a cabo acciones administrativas contra las APIs de PingID o los endpoints"}],"metrics":{"cvssMetricV31":[{"source":"responsible-disclosure@pingidentity.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"responsible-disclosure@pingidentity.com","type":"Secondary","description":[{"lang":"en","value":"CWE-288"},{"lang":"en","value":"CWE-648"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:*:*:*:*:*:*:*:*","versionEndExcluding":"2.8","matchCriteriaId":"D631B535-D41D-4179-8E1B-CCAC61DC5236"}]}]}],"references":[{"url":"https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html","source":"responsible-disclosure@pingidentity.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://www.pingidentity.com/en/resources/downloads/pingid.html","source":"responsible-disclosure@pingidentity.com","tags":["Product","Vendor Advisory"]},{"url":"https://docs.pingidentity.com/bundle/pingid/page/zhy1653552428545.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://www.pingidentity.com/en/resources/downloads/pingid.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Vendor Advisory"]}]}}]}