← back
CVE-2023-36496

Delegated Admin Virtual Attribute Provider Privilege Escalation

CVSS 7.7 HIGHEPSS 0.5%CWE-269
Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L
Affected products
Ping Identity · PingDirectory

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284https://support.pingidentity.com/s/article/SECADV039https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html