CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40702 – PingOne MFA Integration Kit MFA bypass
https://notcve.org/view.php?id=CVE-2023-40702
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials. • https://docs.pingidentity.com/r/en-us/pingfederate-pingone-mfa-ik/bks1657303194394 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23316 – PingAccess HTTP Request Desynchronization Weakness
https://notcve.org/view.php?id=CVE-2024-23316
HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests. La desincronización de solicitudes HTTP en Ping Identity PingAccess, todas las versiones anteriores a 8.0.1 afectadas, permite a un atacante enviar solicitudes de encabezado http especialmente manipuladas para crear una condición de contrabando de solicitudes para solicitudes proxy. • https://docs.pingidentity.com/r/en-us/pingaccess-80/pa_801_rn https://support.pingidentity.com/s/article/SECADV045-PA-HTTP-Smuggling https://www.pingidentity.com/en/resources/downloads/pingaccess.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40148 – PingFederate Server Side Request Forgery vulnerability
https://notcve.org/view.php?id=CVE-2023-40148
Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests. Server-Side Request Forgery (SSRF) en PingFederate permite que las solicitudes http no autenticadas ataquen recursos de la red y consuman recursos del lado del servidor a través de solicitudes HTTP POST falsificadas. • https://docs.pingidentity.com/r/en-us/pingfederate-120/tuj1708533127032 https://www.pingidentity.com/en/resources/downloads/pingfederate/previous-releases.html • CWE-918: Server-Side Request Forgery (SSRF) •