Insecure Folder Permissions in Shibboleth Service Provider on Windows
CVE-2023-22947

7.3HIGH

Key Information:

Vendor: Shibboleth
Status: Service Provider
Vendor: CVE Published:; 11 January 2023

What is CVE-2023-22947?

The Shibboleth Service Provider (SP) for Windows prior to version 3.4.1 has a vulnerability due to insecure folder permissions. This flaw allows unprivileged local attackers to escalate privileges to the SYSTEM account. The issue arises from the default installation path, which is C:\opt instead of the more secured C:\Program Files. Attackers could exploit this vulnerability through DLL planting in the executable folder, potentially compromising system integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://shibboleth.atlassian.net/browse/SSPCPP-961

https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/20...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2023
Vulnerability Reserved
Jan 11, 2023

JSON

Shibboleth

What is CVE-2023-22947?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.