{"vulnerability": "CVE-2022-2372", "sightings": [{"uuid": "ec3d80f2-9c0d-46d9-96a2-a2bc54e6a20f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23726", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17018", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23726\n\ud83d\udd25 CVSS Score: 5.4 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information.\n\ud83d\udccf Published: 2022-09-30T14:35:09.086Z\n\ud83d\udccf Modified: 2025-05-20T16:02:08.159Z\n\ud83d\udd17 References:\n1. https://www.pingidentity.com/en/resources/downloads/pingcentral.html\n2. https://docs.pingidentity.com/bundle/pingcentral-110/page/sdd1651696160285.html", "creation_timestamp": "2025-05-20T16:41:10.000000Z"}, {"uuid": "15dd242c-f271-442a-9657-c3dc8aa65e66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23721", "type": "seen", "source": "https://t.me/cibsecurity/62834", "content": "\u203c CVE-2022-23721 \u203c\n\nPingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-25T22:25:21.000000Z"}, {"uuid": "e177ccff-3b60-435b-9af9-740e1622b1ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23726", "type": "seen", "source": "https://t.me/cibsecurity/50769", "content": "\u203c CVE-2022-23726 \u203c\n\nPingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-30T18:36:10.000000Z"}, {"uuid": "920ffd61-22a0-4f54-bf87-8464aa32cfde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23728", "type": "seen", "source": "https://t.me/cibsecurity/36054", "content": "\u203c CVE-2022-23728 \u203c\n\nAttacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-21T22:13:57.000000Z"}, {"uuid": "244291cf-3fb9-419b-a327-fd669a45bc54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23724", "type": "seen", "source": "https://t.me/cibsecurity/41937", "content": "\u203c CVE-2022-23724 \u203c\n\nUse of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-04T20:35:24.000000Z"}, {"uuid": "3f092f8a-637f-422f-90ff-9ef02d46efec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23723", "type": "seen", "source": "https://t.me/cibsecurity/41788", "content": "\u203c CVE-2022-23723 \u203c\n\nAn MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T09:48:51.000000Z"}, {"uuid": "f3690e37-8696-4d17-bcc0-43fbb4f77a0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23722", "type": "seen", "source": "https://t.me/cibsecurity/41783", "content": "\u203c CVE-2022-23722 \u203c\n\nWhen a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user\u00c3\u00a2\u00e2\u201a\u00ac\u00e2\u201e\u00a2s password.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T02:28:14.000000Z"}, {"uuid": "bf06c879-d9e6-43c3-bc39-db6e56901298", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23729", "type": "seen", "source": "https://t.me/cibsecurity/38423", "content": "\u203c CVE-2022-23729 \u203c\n\nWhen the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-04T18:26:55.000000Z"}, {"uuid": "9787380e-4ca1-458f-a2f9-ac3d7e08d90d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23727", "type": "seen", "source": "https://t.me/cibsecurity/36478", "content": "\u203c CVE-2022-23727 \u203c\n\nThere is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-28T22:21:57.000000Z"}]}