CVE-2022-40722 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.7 HIGH	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Ping Identity	CNA	7.7 HIGH	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Vendor	Product	Version
pingidentity	pingfederate	11.1.0 ≤ 𝑥 ≤ 11.1.5
pingidentity	pingfederate	11.2.0 ≤ 𝑥 ≤ 11.2.2
pingidentity	pingid_adapter_for_pingfederate	𝑥 < 2.13.2
pingidentity	pingid_integration_kit	𝑥 < 2.24

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-780 - Use of RSA Algorithm without OAEP
The software uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

References

https://docs.pingidentity.com/r/en-us/pingid/pingid_adapter_configuring_offline_mfa

https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_20_rn

https://docs.pingidentity.com/r/en-us/pingid/pingid_adapter_configuring_offline_mfa

https://docs.pingidentity.com/r/en-us/pingid/pingid_integration_kit_2_20_rn