CVE-2022-23718

Summary

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application.

Affected Software

VendorProductVersion RangeStatus
Ping IdentityPingID Windows Loginunspecified < 2.8affected

Weaknesses

  • CWE-1352: CWE-1352 OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components

ADP Enrichment

CVE Program Container

Additional References

References