Lucene search
HistoryFeb 01, 2024 - 11:15 p.m.
CVE-2023-36496
delegated admin
privilege elevation
directory server
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
High
EPSS
0.001
Percentile
22.8%
Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.
Affected configurations
Node
pingidentitypingdirectoryRange8.3.0.0–8.3.0.8
ORpingidentitypingdirectoryRange9.0.0.0–9.0.0.5
ORpingidentitypingdirectoryRange9.1.0.0–9.1.0.2
ORpingidentitypingdirectoryMatch9.2.0.0
ORpingidentitypingdirectoryMatch9.2.0.1
ORpingidentitypingdirectoryMatch9.3.0.0
ORpingidentitypingdirectoryMatch9.3.0.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pingidentity | pingdirectory | * | cpe:2.3:a:pingidentity:pingdirectory:*:*:*:*:*:*:*:* |
| pingidentity | pingdirectory | 9.2.0.0 | cpe:2.3:a:pingidentity:pingdirectory:9.2.0.0:*:*:*:*:*:*:* |
| pingidentity | pingdirectory | 9.2.0.1 | cpe:2.3:a:pingidentity:pingdirectory:9.2.0.1:*:*:*:*:*:*:* |
| pingidentity | pingdirectory | 9.3.0.0 | cpe:2.3:a:pingidentity:pingdirectory:9.3.0.0:*:*:*:*:*:*:* |
| pingidentity | pingdirectory | 9.3.0.1 | cpe:2.3:a:pingidentity:pingdirectory:9.3.0.1:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2023-36496
2024-02-01 23:15:09
prion
prion
Design/Logic Flaw
2024-02-01 23:15:00
cvelist
cvelist
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
High
EPSS
0.001
Percentile
22.8%
Related for NVD:CVE-2023-36496