Headline
CVE-2022-23722: Ping Identity Documentation Portal
When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password.
This document
All documents
This document
Contents
Loading…
Related news
CVE-2022-23904: Account Privilege upgrade on Auctionworx software (CVE-2022-23904) – Ebere
Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.