Pingidentity Pingid Integration For Windows Login — known CVE vulnerabilities
Every CVE whose affected-product data names Pingidentity Pingid Integration For Windows Login, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2020-25826 — CVSS 7.8 (high): PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe.
CVE-2021-41992 — CVSS 7.7 (high): A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA…
CVE-2022-23725 — CVSS 7.7 (high): PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under…
CVE-2022-23718 — CVSS 7.6 (high): PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving…
CVE-2022-23720 — CVSS 7.5 (high): PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties…
CVE-2022-23719 — CVSS 7.2 (high): PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An…
CVE-2022-23724 — CVSS 6.4 (medium): Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be…
CVE-2022-23717 — CVSS 5.0 (medium): PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline…
CVE-2022-23721 — CVSS 3.8 (low): PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two…