CVE-2021-42000

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.5 LOW

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://docs.pingidentity.com/bundle/pingfederate-103/page/hhm1634833631515.html	Release Notes Vendor Advisory
https://www.pingidentity.com/en/resources/downloads/pingfederate.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate:9.3.3:-::::::
	cpe:2.3:a:pingidentity:pingfederate:9.3.3:p15::::::

History

No history.

Information

Published : 2022-02-10 23:15

Updated : 2024-02-28 19:09

NVD link : CVE-2021-42000

Mitre link : CVE-2021-42000

CVE.ORG link : CVE-2021-42000

JSON object : View

Products Affected

pingidentity

pingfederate

CWE

NVD-CWE-Other CWE-285

Improper Authorization

{"id": "CVE-2021-42000", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "responsible-disclosure@pingidentity.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2022-02-10T23:15:07.883", "references": [{"url": "https://docs.pingidentity.com/bundle/pingfederate-103/page/hhm1634833631515.html", "tags": ["Release Notes", "Vendor Advisory"], "source": "responsible-disclosure@pingidentity.com"}, {"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate.html", "tags": ["Vendor Advisory"], "source": "responsible-disclosure@pingidentity.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "responsible-disclosure@pingidentity.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password."}, {"lang": "es", "value": "Cuando es configurado un flujo de restablecimiento o cambio de contrase\u00f1a con una pol\u00edtica de autenticaci\u00f3n y el adaptador de la pol\u00edtica de restablecimiento o cambio admite varios flujos de restablecimiento paralelos, un usuario existente puede restablecer la contrase\u00f1a de otro usuario existente"}], "lastModified": "2022-08-09T00:39:22.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB058363-5A8D-4442-9147-B3798B920A28", "versionEndIncluding": "9.3.0"}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3021BD2B-BEBD-4FF9-A252-83DF7A4B1E12", "versionEndIncluding": "10.0.11", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "226726D8-E657-4C17-8C2D-BA811CCC99A9", "versionEndIncluding": "10.1.8", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A910AEE-6D4B-450E-9D35-F6D024536AB7", "versionEndIncluding": "10.2.6", "versionStartIncluding": "10.2.0"}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56B3CEA4-A6ED-414A-A73A-D8BA6FF544C7", "versionEndIncluding": "10.3.2", "versionStartIncluding": "10.3.0"}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:9.3.3:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92FA1B8B-3476-4CC5-86F3-25E2ECB65B49"}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:9.3.3:p15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "742ABDC8-3F6F-4D21-9FFE-BDF5F098FD60"}], "operator": "OR"}]}], "sourceIdentifier": "responsible-disclosure@pingidentity.com"}