CVE-2022-23726

Summary

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information.

Affected Software

VendorProductVersion RangeStatus
Ping IdentityPingCentral1.10 < 1.10affected
Ping IdentityPingCentral1.9 < 1.9.3affected
Ping IdentityPingCentral1.8 < 1.8.4affected

Weaknesses

  • CWE-200: CWE-200 Information Exposure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References