CVE-2022-40723
First published: Tue Apr 25 2023(Updated: )
Credit: responsible-disclosure@pingidentity.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pingidentity Pingfederate | >=11.1.0<=11.1.5 | |
| Pingidentity Pingfederate | >=11.2.0<=11.2.2 | |
| Pingidentity Pingid Integration Kit | <2.24 | |
| Pingidentity Radius Pcv | >=3.0.0<3.0.2 | |
| Pingidentity Radius Pcv | =2.10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-40723?
CVE-2022-40723 is a vulnerability in the PingID RADIUS PCV adapter for PingFederate.
How does CVE-2022-40723 affect PingFederate?
CVE-2022-40723 allows for MFA bypass under certain configurations when using PingFederate with the PingID RADIUS PCV adapter.
Which versions of PingFederate are affected by CVE-2022-40723?
PingFederate versions 11.1.0 to 11.1.5 and 11.2.0 to 11.2.2 are affected by CVE-2022-40723.
Is the PingID Integration Kit affected by CVE-2022-40723?
Yes, the PingID Integration Kit is affected by CVE-2022-40723 if it is version 2.24 or below.
How can I fix CVE-2022-40723?
To fix CVE-2022-40723, update PingFederate to a version that is not affected or apply the necessary security patches provided by Pingidentity.
- collector/nvd-index
- vendor/pingidentity
- product/pingfederate
- canonical/pingidentity pingfederate
- product/pingid integration kit
- canonical/pingidentity pingid integration kit
- product/radius pcv
- canonical/pingidentity radius pcv