4.9

CVE-2019-13057

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenldapOpenldap Version < 2.4.48
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
DebianDebian Linux Version8.0
OpensuseLeap Version15.0
OpensuseLeap Version15.1
ApplemacOS X Version >= 10.13 < 10.13.6
ApplemacOS X Version >= 10.14 < 10.14.6
ApplemacOS X Version >= 10.15 < 10.15.2
ApplemacOS X Version10.13.6 Update-
ApplemacOS X Version10.13.6 Updatesecurity_update_2018-002
ApplemacOS X Version10.13.6 Updatesecurity_update_2018-003
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-001
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-002
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-003
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-004
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-005
ApplemacOS X Version10.13.6 Updatesecurity_update_2019-006
ApplemacOS X Version10.14.6
ApplemacOS X Version10.14.6 Update-
ApplemacOS X Version10.14.6 Updatesecurity_update_2019-001
McafeePolicy Auditor Version < 6.5.1
McafeePolicy Auditor Version6.5.1
OracleBlockchain Platform Version < 21.1.2
OracleSolaris Version11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.21% 0.865
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://seclists.org/fulldisclosure/2019/Dec/26
Third Party Advisory
Mailing List
https://seclists.org/bugtraq/2019/Dec/23
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT210788
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html
Third Party Advisory
Mailing List
https://security.netapp.com/advisory/ntap-20190822-0004/
Third Party Advisory
https://usn.ubuntu.com/4078-1/
Third Party Advisory
https://usn.ubuntu.com/4078-2/
Third Party Advisory
https://www.openldap.org/its/?findid=9038
Vendor Advisory
Mailing List
https://www.openldap.org/lists/openldap-announce/201907/msg00001.html
Vendor Advisory
Mailing List
Product