6.5

CVE-2014-0132

Exploit

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.

Data is provided by the National Vulnerability Database (NVD)
Fedoraproject 389 Directory Server Version <= 1.2.11.25
Fedoraproject 389 Directory Server Version 1.2.11.1
Fedoraproject 389 Directory Server Version 1.2.11.5
Fedoraproject 389 Directory Server Version 1.2.11.6
Fedoraproject 389 Directory Server Version 1.2.11.8
Fedoraproject 389 Directory Server Version 1.2.11.9
Fedoraproject 389 Directory Server Version 1.2.11.10
Fedoraproject 389 Directory Server Version 1.2.11.11
Fedoraproject 389 Directory Server Version 1.2.11.12
Fedoraproject 389 Directory Server Version 1.2.11.13
Fedoraproject 389 Directory Server Version 1.2.11.14
Fedoraproject 389 Directory Server Version 1.2.11.15
Fedoraproject 389 Directory Server Version 1.2.11.17
Fedoraproject 389 Directory Server Version 1.2.11.19
Fedoraproject 389 Directory Server Version 1.2.11.20
Fedoraproject 389 Directory Server Version 1.2.11.21
Fedoraproject 389 Directory Server Version 1.2.11.22
Fedoraproject 389 Directory Server Version 1.2.11.23
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.57% | 0.676 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 6.5 | 8 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.