CVE-2023-36496 - Vulnerability Details - OpenCVE

Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00039.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Pingidentity	Pingdirectory

Configuration 1 [-]

OR	cpe:2.3:a:pingidentity:pingdirectory::::::::
	cpe:2.3:a:pingidentity:pingdirectory::::::::
	cpe:2.3:a:pingidentity:pingdirectory::::::::
	cpe:2.3:a:pingidentity:pingdirectory:9.2.0.0:::::::*
	cpe:2.3:a:pingidentity:pingdirectory:9.2.0.1:::::::*
	cpe:2.3:a:pingidentity:pingdirectory:9.3.0.0:::::::*
	cpe:2.3:a:pingidentity:pingdirectory:9.3.0.1:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-40445	Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284
https://support.pingidentity.com/s/article/SECADV039
https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html

History

Tue, 17 Jun 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Ping Identity

Published: 2024-02-01T23:00:03.660Z

Updated: 2025-06-17T21:29:22.156Z

Reserved: 2023-07-25T20:13:14.880Z

Link: CVE-2023-36496

Vulnrichment

Updated: 2024-08-02T16:45:57.106Z

NVD

Status : Modified

Published: 2024-02-01T23:15:09.107

Modified: 2024-11-21T08:09:49.830

Link: CVE-2023-36496

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36496", "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "state": "PUBLISHED", "assignerShortName": "Ping Identity", "dateReserved": "2023-07-25T20:13:14.880Z", "datePublished": "2024-02-01T23:00:03.660Z", "dateUpdated": "2025-06-17T21:29:22.156Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "PingDirectory", "vendor": "Ping Identity", "versions": [{"lessThanOrEqual": "8.3.0.8", "status": "affected", "version": "8.3", "versionType": "8.3.0.9"}, {"lessThanOrEqual": "9.0.0.5", "status": "affected", "version": "9.0", "versionType": "9.0.0.6"}, {"lessThanOrEqual": "9.1.0.2", "status": "affected", "version": "9.1", "versionType": "9.1.0.3"}, {"lessThanOrEqual": "9.2.0.1", "status": "affected", "version": "9.2", "versionType": "9.2.0.2"}, {"lessThan": "9.3.0.1", "status": "affected", "version": "9.3", "versionType": "9.3.0.1"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Enable Delegated Admin virtual attribute provider"}], "value": "Enable Delegated Admin virtual attribute provider"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.</span><br>"}], "value": "Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.\n"}], "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "shortName": "Ping Identity", "dateUpdated": "2024-02-01T23:00:03.660Z"}, "references": [{"url": "https://support.pingidentity.com/s/article/SECADV039"}, {"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"}, {"url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284"}], "source": {"advisory": "SECADV039", "defect": ["DS-47632"], "discovery": "INTERNAL"}, "title": "Delegated Admin Virtual Attribute Provider Privilege Escalation", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:45:57.106Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.pingidentity.com/s/article/SECADV039", "tags": ["x_transferred"]}, {"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html", "tags": ["x_transferred"]}, {"url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36496", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-02T18:01:23.224460Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T21:29:22.156Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.pingidentity.com/s/article/SECADV039", "tags": ["x_transferred"]}, {"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html", "tags": ["x_transferred"]}, {"url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:45:57.106Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-36496", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-02-02T18:01:23.224460Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T21:23:40.724Z"}}], "cna": {"title": "Delegated Admin Virtual Attribute Provider Privilege Escalation", "source": {"defect": ["DS-47632"], "advisory": "SECADV039", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Ping Identity", "product": "PingDirectory", "versions": [{"status": "affected", "version": "8.3", "versionType": "8.3.0.9", "lessThanOrEqual": "8.3.0.8"}, {"status": "affected", "version": "9.0", "versionType": "9.0.0.6", "lessThanOrEqual": "9.0.0.5"}, {"status": "affected", "version": "9.1", "versionType": "9.1.0.3", "lessThanOrEqual": "9.1.0.2"}, {"status": "affected", "version": "9.2", "versionType": "9.2.0.2", "lessThanOrEqual": "9.2.0.1"}, {"status": "affected", "version": "9.3", "lessThan": "9.3.0.1", "versionType": "9.3.0.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.pingidentity.com/s/article/SECADV039"}, {"url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"}, {"url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "configurations": [{"lang": "en", "value": "Enable Delegated Admin virtual attribute provider", "supportingMedia": [{"type": "text/html", "value": "Enable Delegated Admin virtual attribute provider", "base64": false}]}], "providerMetadata": {"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "shortName": "Ping Identity", "dateUpdated": "2024-02-01T23:00:03.660Z"}}}, "cveMetadata": {"cveId": "CVE-2023-36496", "state": "PUBLISHED", "dateUpdated": "2025-06-17T21:29:22.156Z", "dateReserved": "2023-07-25T20:13:14.880Z", "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "datePublished": "2024-02-01T23:00:03.660Z", "assignerShortName": "Ping Identity"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pingidentity:pingdirectory:*:*:*:*:*:*:*:*", "matchCriteriaId": "2962B5D8-A12A-4D50-99AE-6355AB08F5DC", "versionEndIncluding": "8.3.0.8", "versionStartIncluding": "8.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingdirectory:*:*:*:*:*:*:*:*", "matchCriteriaId": "70836EEB-D037-4560-962B-630C9CCD1262", "versionEndIncluding": "9.0.0.5", "versionStartIncluding": "9.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingdirectory:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBC21BB8-89C1-4DEA-A6D4-F44B99CEEB66", "versionEndIncluding": "9.1.0.2", "versionStartIncluding": "9.1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingdirectory:9.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "402022A7-8257-4453-A488-3B87767FFC2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingdirectory:9.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "20441BBB-9D6F-4AB5-A007-087AEAE5B7C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingdirectory:9.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "66F04A80-B97A-4C03-B75B-F44CEAB7BE15", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingdirectory:9.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DE606D4B-6F7A-4334-BB4E-8D161E3E9C35", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server.\n"}, {"lang": "es", "value": "El complemento del proveedor de atributos virtuales Delegated Admin Privilege, cuando est\u00e1 habilitado, permite a un usuario autenticado elevar sus permisos en Directory Server."}], "id": "CVE-2023-36496", "lastModified": "2024-11-21T08:09:49.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.3, "source": "responsible-disclosure@pingidentity.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-01T23:15:09.107", "references": [{"source": "responsible-disclosure@pingidentity.com", "tags": ["Release Notes"], "url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284"}, {"source": "responsible-disclosure@pingidentity.com", "tags": ["Permissions Required"], "url": "https://support.pingidentity.com/s/article/SECADV039"}, {"source": "responsible-disclosure@pingidentity.com", "tags": ["Product"], "url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://docs.pingidentity.com/r/en-us/pingdirectory-93/ynf1693338390284"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://support.pingidentity.com/s/article/SECADV039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.pingidentity.com/en/resources/downloads/pingdirectory-downloads.html"}], "sourceIdentifier": "responsible-disclosure@pingidentity.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "responsible-disclosure@pingidentity.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}