CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-42001

HIGH
8.0
CVSS Severity Score
EPSS Score0.0160%
EPSS Percentile30.37th
Published2022年4月30日
Last Modified2024年11月21日

Vulnerability Description

PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.

Affected Platforms (CPE)

📦
Pingidentity

Pingid Desktop

< 1.7.3
📦
Pingidentity

Pingid Desktop

< 1.7.3

References & Advisories

🔗 https://docs.pingidentity.com/bundle/pingid/page/dyt1645545885978.html
🔗 https://www.pingidentity.com/en/resources/downloads/pingid.html
🔗 https://docs.pingidentity.com/bundle/pingid/page/dyt1645545885978.html
🔗 https://www.pingidentity.com/en/resources/downloads/pingid.html

関連する脆弱性情報

CVE-2021-2132210.0

fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By c...

CVE-2021-2132110.0

fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-r...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-217710.0

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version tha...