{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T01:24:59.702","vulnerabilities":[{"cve":{"id":"CVE-2023-40702","sourceIdentifier":"responsible-disclosure@pingidentity.com","published":"2024-07-09T16:15:03.220","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials."},{"lang":"es","value":"El kit de integración de PingOne MFA contiene una vulnerabilidad en la que la acción skipMFA se puede configurar de modo que la autenticación del usuario no requiera la autenticación de segundo factor de los dispositivos registrados existentes del usuario. Un actor de amenazas podría aprovechar esta vulnerabilidad para autenticarse como usuario objetivo si tiene conocimiento de las credenciales de primer factor del usuario objetivo."}],"metrics":{"cvssMetricV40":[{"source":"responsible-disclosure@pingidentity.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"responsible-disclosure@pingidentity.com","type":"Secondary","description":[{"lang":"en","value":"CWE-290"}]}],"references":[{"url":"https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394","source":"responsible-disclosure@pingidentity.com"},{"url":"https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}