本ページは pingidentity pingone_mfa_integration_kit に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-39231 | PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials. | [email protected] | 7.3 | 0.53% | 2023-10-25 | 2026-06-17 |
| CVE-2022-23723 | An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. | [email protected] | 7.7 | 0.81% | 2022-05-02 | 2026-06-17 |