Search criteria
2 vulnerabilities found for PingDirectory by Ping Identity
CVE-2023-36496 (GCVE-0-2023-36496)
Vulnerability from nvd – Published: 2024-02-01 23:00 – Updated: 2025-06-17 21:29
VLAI?
Title
Delegated Admin Virtual Attribute Provider Privilege Escalation
Summary
Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.
Severity ?
7.7 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ping Identity | PingDirectory |
Affected:
8.3 , ≤ 8.3.0.8
(8.3.0.9)
Affected: 9.0 , ≤ 9.0.0.5 (9.0.0.6) Affected: 9.1 , ≤ 9.1.0.2 (9.1.0.3) Affected: 9.2 , ≤ 9.2.0.1 (9.2.0.2) Affected: 9.3 , < 9.3.0.1 (9.3.0.1) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:57.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.pingidentity.com/s/article/SECADV039"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-02T18:01:23.224460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:22.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PingDirectory",
"vendor": "Ping Identity",
"versions": [
{
"lessThanOrEqual": "8.3.0.8",
"status": "affected",
"version": "8.3",
"versionType": "8.3.0.9"
},
{
"lessThanOrEqual": "9.0.0.5",
"status": "affected",
"version": "9.0",
"versionType": "9.0.0.6"
},
{
"lessThanOrEqual": "9.1.0.2",
"status": "affected",
"version": "9.1",
"versionType": "9.1.0.3"
},
{
"lessThanOrEqual": "9.2.0.1",
"status": "affected",
"version": "9.2",
"versionType": "9.2.0.2"
},
{
"lessThan": "9.3.0.1",
"status": "affected",
"version": "9.3",
"versionType": "9.3.0.1"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enable Delegated Admin virtual attribute provider"
}
],
"value": "Enable Delegated Admin virtual attribute provider"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T23:00:03.660Z",
"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"shortName": "Ping Identity"
},
"references": [
{
"url": "https://support.pingidentity.com/s/article/SECADV039"
},
{
"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"
},
{
"url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284"
}
],
"source": {
"advisory": "SECADV039",
"defect": [
"DS-47632"
],
"discovery": "INTERNAL"
},
"title": "Delegated Admin Virtual Attribute Provider Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"assignerShortName": "Ping Identity",
"cveId": "CVE-2023-36496",
"datePublished": "2024-02-01T23:00:03.660Z",
"dateReserved": "2023-07-25T20:13:14.880Z",
"dateUpdated": "2025-06-17T21:29:22.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36496 (GCVE-0-2023-36496)
Vulnerability from cvelistv5 – Published: 2024-02-01 23:00 – Updated: 2025-06-17 21:29
VLAI?
Title
Delegated Admin Virtual Attribute Provider Privilege Escalation
Summary
Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.
Severity ?
7.7 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ping Identity | PingDirectory |
Affected:
8.3 , ≤ 8.3.0.8
(8.3.0.9)
Affected: 9.0 , ≤ 9.0.0.5 (9.0.0.6) Affected: 9.1 , ≤ 9.1.0.2 (9.1.0.3) Affected: 9.2 , ≤ 9.2.0.1 (9.2.0.2) Affected: 9.3 , < 9.3.0.1 (9.3.0.1) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:57.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.pingidentity.com/s/article/SECADV039"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-02T18:01:23.224460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:22.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PingDirectory",
"vendor": "Ping Identity",
"versions": [
{
"lessThanOrEqual": "8.3.0.8",
"status": "affected",
"version": "8.3",
"versionType": "8.3.0.9"
},
{
"lessThanOrEqual": "9.0.0.5",
"status": "affected",
"version": "9.0",
"versionType": "9.0.0.6"
},
{
"lessThanOrEqual": "9.1.0.2",
"status": "affected",
"version": "9.1",
"versionType": "9.1.0.3"
},
{
"lessThanOrEqual": "9.2.0.1",
"status": "affected",
"version": "9.2",
"versionType": "9.2.0.2"
},
{
"lessThan": "9.3.0.1",
"status": "affected",
"version": "9.3",
"versionType": "9.3.0.1"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enable Delegated Admin virtual attribute provider"
}
],
"value": "Enable Delegated Admin virtual attribute provider"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T23:00:03.660Z",
"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"shortName": "Ping Identity"
},
"references": [
{
"url": "https://support.pingidentity.com/s/article/SECADV039"
},
{
"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"
},
{
"url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284"
}
],
"source": {
"advisory": "SECADV039",
"defect": [
"DS-47632"
],
"discovery": "INTERNAL"
},
"title": "Delegated Admin Virtual Attribute Provider Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"assignerShortName": "Ping Identity",
"cveId": "CVE-2023-36496",
"datePublished": "2024-02-01T23:00:03.660Z",
"dateReserved": "2023-07-25T20:13:14.880Z",
"dateUpdated": "2025-06-17T21:29:22.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}