CVE-2023-36496

Summary

Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.

Affected Software

VendorProductVersion RangeStatus
Ping IdentityPingDirectory8.3 <= 8.3.0.8affected
Ping IdentityPingDirectory9.0 <= 9.0.0.5affected
Ping IdentityPingDirectory9.1 <= 9.1.0.2affected
Ping IdentityPingDirectory9.2 <= 9.2.0.1affected
Ping IdentityPingDirectory9.3 < 9.3.0.1affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References