Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
2 vulnerabilities found for PingDirectory by Ping Identity
CVE-2023-36496 (GCVE-0-2023-36496)
Vulnerability from nvd – Published: 2024-02-01 23:00 – Updated: 2025-06-17 21:29
VLAI?
Title
Delegated Admin Virtual Attribute Provider Privilege Escalation
Summary
Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.
Severity ?
7.7 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ping Identity | PingDirectory |
Affected:
8.3 , ≤ 8.3.0.8
(8.3.0.9)
Affected: 9.0 , ≤ 9.0.0.5 (9.0.0.6) Affected: 9.1 , ≤ 9.1.0.2 (9.1.0.3) Affected: 9.2 , ≤ 9.2.0.1 (9.2.0.2) Affected: 9.3 , < 9.3.0.1 (9.3.0.1) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:57.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.pingidentity.com/s/article/SECADV039"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-02T18:01:23.224460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:22.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PingDirectory",
"vendor": "Ping Identity",
"versions": [
{
"lessThanOrEqual": "8.3.0.8",
"status": "affected",
"version": "8.3",
"versionType": "8.3.0.9"
},
{
"lessThanOrEqual": "9.0.0.5",
"status": "affected",
"version": "9.0",
"versionType": "9.0.0.6"
},
{
"lessThanOrEqual": "9.1.0.2",
"status": "affected",
"version": "9.1",
"versionType": "9.1.0.3"
},
{
"lessThanOrEqual": "9.2.0.1",
"status": "affected",
"version": "9.2",
"versionType": "9.2.0.2"
},
{
"lessThan": "9.3.0.1",
"status": "affected",
"version": "9.3",
"versionType": "9.3.0.1"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enable Delegated Admin virtual attribute provider"
}
],
"value": "Enable Delegated Admin virtual attribute provider"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T23:00:03.660Z",
"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"shortName": "Ping Identity"
},
"references": [
{
"url": "https://support.pingidentity.com/s/article/SECADV039"
},
{
"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"
},
{
"url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284"
}
],
"source": {
"advisory": "SECADV039",
"defect": [
"DS-47632"
],
"discovery": "INTERNAL"
},
"title": "Delegated Admin Virtual Attribute Provider Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"assignerShortName": "Ping Identity",
"cveId": "CVE-2023-36496",
"datePublished": "2024-02-01T23:00:03.660Z",
"dateReserved": "2023-07-25T20:13:14.880Z",
"dateUpdated": "2025-06-17T21:29:22.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36496 (GCVE-0-2023-36496)
Vulnerability from cvelistv5 – Published: 2024-02-01 23:00 – Updated: 2025-06-17 21:29
VLAI?
Title
Delegated Admin Virtual Attribute Provider Privilege Escalation
Summary
Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.
Severity ?
7.7 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Ping Identity | PingDirectory |
Affected:
8.3 , ≤ 8.3.0.8
(8.3.0.9)
Affected: 9.0 , ≤ 9.0.0.5 (9.0.0.6) Affected: 9.1 , ≤ 9.1.0.2 (9.1.0.3) Affected: 9.2 , ≤ 9.2.0.1 (9.2.0.2) Affected: 9.3 , < 9.3.0.1 (9.3.0.1) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:45:57.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.pingidentity.com/s/article/SECADV039"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-02T18:01:23.224460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T21:29:22.156Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PingDirectory",
"vendor": "Ping Identity",
"versions": [
{
"lessThanOrEqual": "8.3.0.8",
"status": "affected",
"version": "8.3",
"versionType": "8.3.0.9"
},
{
"lessThanOrEqual": "9.0.0.5",
"status": "affected",
"version": "9.0",
"versionType": "9.0.0.6"
},
{
"lessThanOrEqual": "9.1.0.2",
"status": "affected",
"version": "9.1",
"versionType": "9.1.0.3"
},
{
"lessThanOrEqual": "9.2.0.1",
"status": "affected",
"version": "9.2",
"versionType": "9.2.0.2"
},
{
"lessThan": "9.3.0.1",
"status": "affected",
"version": "9.3",
"versionType": "9.3.0.1"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enable Delegated Admin virtual attribute provider"
}
],
"value": "Enable Delegated Admin virtual attribute provider"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T23:00:03.660Z",
"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"shortName": "Ping Identity"
},
"references": [
{
"url": "https://support.pingidentity.com/s/article/SECADV039"
},
{
"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"
},
{
"url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284"
}
],
"source": {
"advisory": "SECADV039",
"defect": [
"DS-47632"
],
"discovery": "INTERNAL"
},
"title": "Delegated Admin Virtual Attribute Provider Privilege Escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e",
"assignerShortName": "Ping Identity",
"cveId": "CVE-2023-36496",
"datePublished": "2024-02-01T23:00:03.660Z",
"dateReserved": "2023-07-25T20:13:14.880Z",
"dateUpdated": "2025-06-17T21:29:22.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}