How severe is CVE-2022-23720?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2022-23720?

This is classified as CWE-288, which is a common weakness in software security.

CVE-2022-23720 - HIGH Severity | CVSS 8.2

Vulnerability Description

PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints.

Related Vulnerabilities

CVE-2022-42276

HIGH

CVSS:8.2(High)

NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileg...

CWE-2882022

CVE-2022-42277

HIGH

CVSS:8.2(High)

NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privi...

CWE-2882022

CVE-2024-1646

HIGH

CVSS:8.2(High)

parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, ...

CWE-2882024

CVE-2024-26566

HIGH

CVSS:8.2(High)

An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component.

CWE-2882024

CVE-2019-3758

HIGH

CVSS:8.1(High)

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthentica...

CWE-2882019

CVE-2020-10283

HIGH

CVSS:8.1(High)

The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopi...

CWE-2882020