CVE-2023-36496

HIGH

Delegated Admin Privilege - Privilege Escalation

Title source: llm

Description

Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.

References (3)

Core 3

Core References

Release Notes

https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284

Permissions Required

https://support.pingidentity.com/s/article/SECADV039

Product

https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html

Scores

CVSS v3 7.7

EPSS 0.0052

EPSS Percentile 39.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (5)

pingidentity/pingdirectory 9.2.0.0

pingidentity/pingdirectory 9.2.0.1

pingidentity/pingdirectory 9.3.0.0

pingidentity/pingdirectory 9.3.0.1

pingidentity/pingdirectory 8.3.0.0 - 8.3.0.8

Published Feb 01, 2024

Tracked Since Feb 18, 2026