5

CVE-2014-9043

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.

Data is provided by the National Vulnerability Database (NVD)
OwncloudOwncloud Version <= 5.0.17
OwncloudOwncloud Server Version5.0.0
OwncloudOwncloud Server Version5.0.1
OwncloudOwncloud Server Version5.0.2
OwncloudOwncloud Server Version5.0.3
OwncloudOwncloud Server Version5.0.4
OwncloudOwncloud Server Version5.0.5
OwncloudOwncloud Server Version5.0.6
OwncloudOwncloud Server Version5.0.7
OwncloudOwncloud Server Version5.0.8
OwncloudOwncloud Server Version5.0.9
OwncloudOwncloud Server Version5.0.10
OwncloudOwncloud Server Version5.0.11
OwncloudOwncloud Server Version5.0.12
OwncloudOwncloud Server Version5.0.13
OwncloudOwncloud Server Version5.0.14
OwncloudOwncloud Server Version5.0.14 Updatea
OwncloudOwncloud Server Version5.0.15
OwncloudOwncloud Server Version5.0.16
OwncloudOwncloud Server Version6.0.0
OwncloudOwncloud Server Version6.0.1
OwncloudOwncloud Server Version6.0.2
OwncloudOwncloud Server Version6.0.3
OwncloudOwncloud Server Version6.0.4
OwncloudOwncloud Server Version6.0.5
OwncloudOwncloud Server Version7.0.0
OwncloudOwncloud Server Version7.0.1
OwncloudOwncloud Server Version7.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.38% 0.568
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.