Vulnerabilities > CVE-2021-42000 - Unspecified vulnerability in Pingidentity Pingfederate

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

pingidentity

NVD

Published: 2022-02-10

Updated: 2022-08-09

Summary

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password.

Vulnerable Configurations

Part	Description	Count
Application	Pingidentity Pingidentity Pingfederate 10.3.0 Pingidentity Pingfederate 10.2.0 Pingidentity Pingfederate 10.1.0 Pingidentity Pingfederate 10.0.0 Pingidentity Pingfederate 9.3.3 Pingidentity Pingfederate 6.10.1 Pingidentity Pingfederate 9.3.0	8

References

https://www.pingidentity.com/en/resources/downloads/pingfederate.html
https://docs.pingidentity.com/bundle/pingfederate-103/page/hhm1634833631515.html