Lucene search
Ping IdentityCVELIST:CVE-2023-36496HistoryFeb 01, 2024 - 11:00 p.m.
CVE-2023-36496 Delegated Admin Virtual Attribute Provider Privilege Escalation
2024-02-0123:00:03
CWE-269
Ping Identity
www.cve.org
1
delegated admin
virtual attribute provider
privilege escalation
authenticated user
directory server
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
22.8%
Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "PingDirectory",
"vendor": "Ping Identity",
"versions": [
{
"lessThanOrEqual": "8.3.0.8",
"status": "affected",
"version": "8.3",
"versionType": "8.3.0.9"
},
{
"lessThanOrEqual": "9.0.0.5",
"status": "affected",
"version": "9.0",
"versionType": "9.0.0.6"
},
{
"lessThanOrEqual": "9.1.0.2",
"status": "affected",
"version": "9.1",
"versionType": "9.1.0.3"
},
{
"lessThanOrEqual": "9.2.0.1",
"status": "affected",
"version": "9.2",
"versionType": "9.2.0.2"
},
{
"lessThan": "9.3.0.1",
"status": "affected",
"version": "9.3",
"versionType": "9.3.0.1"
}
]
}
]Related
cve
cve
CVE-2023-36496
2024-02-01 23:15:09
prion
prion
Design/Logic Flaw
2024-02-01 23:15:00
nvd
nvd
CVE-2023-36496
2024-02-01 23:15:09
CVSS3
7.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
22.8%
Related for CVELIST:CVE-2023-36496