CVE-2021-42000
Description
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing user's password.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.117
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-42000,CVE-2022-23722 are affected in Ping Federate 10.0.0 | Windows |
| Vulnerabilities CVE-2021-42000,CVE-2022-23722 are affected in Ping Federate 10.1.0 | Windows |
| Vulnerabilities CVE-2021-42000,CVE-2022-23722 are affected in Ping Federate 10.2.0 | Windows |
| Vulnerabilities CVE-2021-42000,CVE-2022-23722 are affected in Ping Federate 10.3.0 | Windows |
| Vulnerabilities CVE-2021-42000,CVE-2022-23722 are affected in Ping Federate 9.3.0 | Windows |
| Vulnerabilities CVE-2021-42000,CVE-2022-23722 are affected in Ping Federate 9.3.3 | Windows |
| Vulnerabilities CVE-2021-42000,CVE-2022-23722 are affected in Ping Identity PingFederate 10.0.0 | Windows |
| Vulnerabilities CVE-2021-42000,CVE-2022-23722 are affected in Ping Identity PingFederate 10.1.0 | Windows |
| Vulnerabilities CVE-2021-42000,CVE-2022-23722 are affected in Ping Identity PingFederate 10.2.0 | Windows |
| Vulnerabilities CVE-2021-42000,CVE-2022-23722 are affected in Ping Identity PingFederate 10.3.0 | Windows |
| Vulnerabilities CVE-2021-42000,CVE-2022-23722 are affected in Ping Identity PingFederate 9.3.0 | Windows |
| Vulnerabilities CVE-2021-42000,CVE-2022-23722 are affected in Ping Identity PingFederate 9.3.3 | Windows |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234