CVE-2023-36496

Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.7 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L
Ping IdentityCNA
7.7 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
pingidentitypingdirectory
8.3.0.0 ≤
𝑥
≤ 8.3.0.8
pingidentitypingdirectory
9.0.0.0 ≤
𝑥
≤ 9.0.0.5
pingidentitypingdirectory
9.1.0.0 ≤
𝑥
≤ 9.1.0.2
pingidentitypingdirectory
9.2.0.0
pingidentitypingdirectory
9.2.0.1
pingidentitypingdirectory
9.3.0.0
pingidentitypingdirectory
9.3.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284
https://support.pingidentity.com/s/article/SECADV039
https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html
https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284
https://support.pingidentity.com/s/article/SECADV039
https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html