CVE-2022-23721

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://docs.pingidentity.com/r/en-us/pingid/davinci_pingid_windows_login_relnotes_2.9	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:pingidentity:pingid_integration_for_windows_login:*:*:*:*:*:*:*:*

History

04 May 2023, 19:39

Type	Values Removed	Values Added
CWE		CWE-74
References	~~(MISC) https://docs.pingidentity.com/r/en-us/pingid/davinci_pingid_windows_login_relnotes_2.9 -~~	(MISC) https://docs.pingidentity.com/r/en-us/pingid/davinci_pingid_windows_login_relnotes_2.9 - Release Notes
First Time		Pingidentity Pingidentity pingid Integration For Windows Login
CPE		cpe:2.3:a:pingidentity:pingid_integration_for_windows_login::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.3

25 Apr 2023, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-04-25 19:15

Updated : 2023-12-10 15:01

NVD link : CVE-2022-23721

Mitre link : CVE-2022-23721

CVE.ORG link : CVE-2022-23721

JSON object : View

Products Affected

pingidentity

pingid_integration_for_windows_login

CWE

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-694

Use of Multiple Resources with Duplicate Identifier

3.3 /10