Unrated severity · NVD Advisory · Published Jan 11, 2023 · Updated Apr 7, 2025
CVE-2023-22947
Description
Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."
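A defender-side check for the condition described above, as an added example that is not part of the advisory or the Shibboleth project: it walks an install tree and lists allow ACEs that let any principal other than SYSTEM, Administrators or TrustedInstaller create files or rewrite the ACL. The `$InstallRoot` default is only the `C:\opt` location named in the description; the trusted-SID list and the choice of rights to flag are assumptions to adjust for your environment.

```powershell
# Added example: audit an install tree for folders where a non-administrative
# principal can create or replace files (the precondition for DLL planting).
param(
    [string]$InstallRoot = 'C:\opt'   # assumption: set to your actual SP install folder
)

# Well-known SIDs treated as trusted: SYSTEM, BUILTIN\Administrators, TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that allow adding files or changing the ACL, plus the raw
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits some ACEs carry.
$R = [System.Security.AccessControl.FileSystemRights]
$writeBits = [int]($R::WriteData -bor $R::AppendData -bor $R::ChangePermissions -bor $R::TakeOwnership)
$mask = $writeBits -bor 0x40000000 -bor 0x10000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType = [System.Security.Principal.SecurityIdentifier]

# The root itself plus every subdirectory beneath it.
$dirs = @(Get-Item -LiteralPath $InstallRoot -ErrorAction Stop)
$dirs += Get-ChildItem -LiteralPath $InstallRoot -Directory -Recurse -ErrorAction SilentlyContinue

foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }                                   # unreadable ACL: skip
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (($ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }  # applies to children only
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }    # no write-capable right
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.IdentityReference.Value }            # unresolvable SID: show it raw
        [pscustomobject]@{
            Path      = $dir.FullName
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}
```

Any row returned for the folder that holds the service executable means a non-administrative account can write there; an empty result means no such ACE was found on the directories the script could read.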
Affected products
- (no CPE)
- (no CPE), range: <3.4.1