CVE-2023-36496

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Feb 1, 2024
Updated: Feb 9, 2024
CWE ID 269

Summary

CVE-2023-36496 is a vulnerability that affects multiple products, including ueWwoY, ueWwoZ, ueWwoa, and others. It is categorized as an Improper Privilege Management vulnerability (CWE-269), with a base severity rating of HIGH and a base score of 8.8. The vulnerability allows an authenticated user to elevate their permissions in the Directory Server when the Delegated Admin Privilege virtual attribute provider plugin is enabled. The exploitability score for this vulnerability is 2.8, indicating a moderate level of difficulty to exploit. The potential danger it poses to an organization is significant, as it can result in high impacts on integrity and confidentiality. To remediate this vulnerability, organizations should consider disabling or patching the affected products and ensuring proper privilege management practices are implemented.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-36496 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options