This page lists publicly disclosed CVE vulnerabilities affecting pingidentity pingone_mfa_integration_kit (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-39231 | PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials. | [email protected] | 7.3 | 0.53% | 2023-10-25 | 2026-06-17 |
| CVE-2022-23723 | An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. | [email protected] | 7.7 | 0.81% | 2022-05-02 | 2026-06-17 |