CVE-2022-23722 - OpenCVE

When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pingidentity	Pingfederate

Configuration 1 [-]

OR	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate:9.3.3:p15::::::
	cpe:2.3:a:pingidentity:pingfederate:11.0.0:::::::*

No data.

References

Link	Providers
https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html
https://www.pingidentity.com/en/resources/downloads/pingfederate.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Ping Identity

Published: 2022-05-02T22:05:13

Updated: 2024-08-03T03:51:46.174Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23722

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-02T22:15:09.647

Modified: 2023-11-07T03:44:17.477

Link: CVE-2022-23722

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "PingFederate", "vendor": "Ping Identity", "versions": [{"lessThanOrEqual": "11.0", "status": "affected", "version": "11.0", "versionType": "custom"}, {"lessThanOrEqual": "10.3.4", "status": "affected", "version": "10.3", "versionType": "custom"}, {"lessThanOrEqual": "10.2.7", "status": "affected", "version": "10.2", "versionType": "custom"}, {"lessThanOrEqual": "10.1.9", "status": "affected", "version": "10.1", "versionType": "custom"}, {"lessThanOrEqual": "10.0.12", "status": "affected", "version": "10.0", "versionType": "custom"}, {"lessThanOrEqual": "9.3.3P16", "status": "affected", "version": "9.3", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user\u2019s password."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-02T22:05:13", "orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "shortName": "Ping Identity"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html"}], "source": {"advisory": "SECBL021", "defect": ["PF-30450"], "discovery": "INTERNAL"}, "title": "PingFederate Password Reset via Authentication API Mishandling", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "responsible-disclosure@pingidentity.com", "ID": "CVE-2022-23722", "STATE": "PUBLIC", "TITLE": "PingFederate Password Reset via Authentication API Mishandling"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PingFederate", "version": {"version_data": [{"version_affected": "<=", "version_name": "11.0", "version_value": "11.0"}, {"version_affected": "<=", "version_name": "10.3", "version_value": "10.3.4"}, {"version_affected": "<=", "version_name": "10.2", "version_value": "10.2.7"}, {"version_affected": "<=", "version_name": "10.1", "version_value": "10.1.9"}, {"version_affected": "<=", "version_name": "10.0", "version_value": "10.0.12"}, {"version_affected": "<=", "version_name": "9.3", "version_value": "9.3.3P16"}]}}]}, "vendor_name": "Ping Identity"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user\u2019s password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}]}, "references": {"reference_data": [{"name": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html", "refsource": "MISC", "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"}, {"name": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html", "refsource": "MISC", "url": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html"}]}, "source": {"advisory": "SECBL021", "defect": ["PF-30450"], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:51:46.174Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html"}]}]}, "cveMetadata": {"assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "assignerShortName": "Ping Identity", "cveId": "CVE-2022-23722", "datePublished": "2022-05-02T22:05:13", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:46.174Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF59C274-0837-41EF-BD03-B2C762B8AD2E", "versionEndExcluding": "9.3.3", "versionStartIncluding": "9.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C32AD2C-6B70-49E0-B4C1-829735EDBA35", "versionEndExcluding": "10.0.12", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "23194E8C-C2BD-4A0C-875D-BBF15679A0F1", "versionEndExcluding": "10.1.9", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "0887EB34-CD7F-4A26-AEC5-DCC5DA07E795", "versionEndExcluding": "10.2.7", "versionStartIncluding": "10.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC079534-00BB-4965-88F1-D8FDF79FF35C", "versionEndExcluding": "10.3.4", "versionStartIncluding": "10.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:9.3.3:p15:*:*:*:*:*:*", "matchCriteriaId": "742ABDC8-3F6F-4D21-9FFE-BDF5F098FD60", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E04A442B-5726-4057-B6B3-7BB6021255AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user\u2019s password."}, {"lang": "es", "value": "Cuando un mecanismo de restablecimiento de contrase\u00f1a est\u00e1 configurado para usar la API de Autenticaci\u00f3n con una Pol\u00edtica de Autenticaci\u00f3n, una Contrase\u00f1a de Una sola vez por correo electr\u00f3nico, PingID o autenticaci\u00f3n por SMS, un usuario existente puede restablecer la contrase\u00f1a de otro usuario existente"}], "id": "CVE-2022-23722", "lastModified": "2023-11-07T03:44:17.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-02T22:15:09.647", "references": [{"source": "responsible-disclosure@pingidentity.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.pingidentity.com/bundle/pingfederate-110/page/spk1642790928508.html"}, {"source": "responsible-disclosure@pingidentity.com", "tags": ["Vendor Advisory"], "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html"}], "sourceIdentifier": "responsible-disclosure@pingidentity.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-288"}], "source": "responsible-disclosure@pingidentity.com", "type": "Secondary"}]}