OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components

CVE-2022-23718

High

7.6/10

Summary

PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1352 - OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components

Weaknesses in this category are related to the A06 category "Vulnerable and Outdated Components" in the OWASP Top Ten 2021.

References

Advisory Timeline

Published Jun 30, 2022

OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components

CVE-2022-23718

Summary

CWE-1352 - OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS