PT-2022-16230 · Unknown · Spring Boot+1

Published: 2022-09-30 · Updated: 2022-10-04 · CVE-2022-23726

CVSS v3.1: 5.4 (Medium)

Vector: AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: PingCentral versions prior to listed versions

Description: The issue exposes Spring Boot actuator endpoints, which can return large amounts of sensitive environmental and application information when accessed with administrative authentication.

Recommendations: For versions prior to the listed versions, consider restricting access to the Spring Boot actuator endpoints as a temporary workaround until a patch is available. Additionally, review and limit administrative authentication to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2022-23726

Affected Products

PingCentral
Spring Boot