Lucene search

K
cvelistRedhatCVELIST:CVE-2017-15135
HistoryJan 24, 2018 - 3:00 p.m.

CVE-2017-15135

2018-01-2415:00:00
CWE-287
redhat
www.cve.org

7.2 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.

CNA Affected

[
  {
    "product": "389-ds-base",
    "vendor": "Red Hat, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "since 1.3.6.1 up to and including 1.4.0.3"
      }
    ]
  }
]

7.2 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%