7.5
CVE-2014-0097
- EPSS 0.31%
- Veröffentlicht 25.05.2017 17:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle security_alert@emc.com
- Teams Watchlist Login
- Unerledigt Login
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Spring Security Version3.1.0
VMware ≫ Spring Security Version3.1.1
VMware ≫ Spring Security Version3.1.2
VMware ≫ Spring Security Version3.1.3
VMware ≫ Spring Security Version3.1.4
VMware ≫ Spring Security Version3.1.5
VMware ≫ Spring Security Version3.2.0
VMware ≫ Spring Security Version3.2.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.539 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 3.9 | 3.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.