CVE-2023-36496

Description

Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

Low

Affected products

Ping Identity / PingDirectory8.3 – 8.3.0.8
Ping Identity / PingDirectory9.0 – 9.0.0.5
Ping Identity / PingDirectory9.1 – 9.1.0.2
Ping Identity / PingDirectory9.2 – 9.2.0.1
Ping Identity / PingDirectory9.3 – 9.3.0.1

References

MISChttps://support.pingidentity.com/s/article/SECADV039
MISChttps://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html
MISChttps://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284