4.9

CVE-2019-13057

EPSS 1.14%
Published 26.07.2019 13:15:12
Last modified 21.11.2024 04:24:07
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

Affected products Warnungen 0 Metrics 3 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Openldap ≫ Openldap Version < 2.4.48

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.04

Debian ≫ Debian Linux Version8.0

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Apple ≫ macOS X Version >= 10.13 < 10.13.6

Apple ≫ macOS X Version >= 10.14 < 10.14.6

Apple ≫ macOS X Version >= 10.15 < 10.15.2

Apple ≫ macOS X Version10.13.6 Update-

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2018-002

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2018-003

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-001

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-002

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-003

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-004

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-005

Apple ≫ macOS X Version10.13.6 Updatesecurity_update_2019-006

Apple ≫ macOS X Version10.14.6

Apple ≫ macOS X Version10.14.6 Update-

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-001

Mcafee ≫ Policy Auditor Version < 6.5.1

Mcafee ≫ Policy Auditor Version6.5.1

Oracle ≫ Blockchain Platform Version < 21.1.2

Oracle ≫ Zfs Storage Appliance Kit Version8.8

Oracle ≫ Solaris Version11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.14%	0.778

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N

http://seclists.org/fulldisclosure/2019/Dec/26

Third Party Advisory

Mailing List

https://seclists.org/bugtraq/2019/Dec/23

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT210788

Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10365

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Patch

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20190822-0004/

Third Party Advisory

https://usn.ubuntu.com/4078-1/

Third Party Advisory

https://usn.ubuntu.com/4078-2/

Third Party Advisory

https://www.openldap.org/its/?findid=9038

Vendor Advisory

Mailing List

https://www.openldap.org/lists/openldap-announce/201907/msg00001.html

Vendor Advisory

Mailing List

Product

https://nvd.nist.gov/vuln/detail/CVE-2019-13057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-13057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-13057

EUVD