CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
77.9%
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind.
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | 389_directory_server | * | cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:* |
fedoraproject | 389_directory_server | 1.2.11.1 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.1:*:*:*:*:*:*:* |
fedoraproject | 389_directory_server | 1.2.11.5 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.5:*:*:*:*:*:*:* |
fedoraproject | 389_directory_server | 1.2.11.6 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.6:*:*:*:*:*:*:* |
fedoraproject | 389_directory_server | 1.2.11.8 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.8:*:*:*:*:*:*:* |
fedoraproject | 389_directory_server | 1.2.11.9 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.9:*:*:*:*:*:*:* |
fedoraproject | 389_directory_server | 1.2.11.10 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.10:*:*:*:*:*:*:* |
fedoraproject | 389_directory_server | 1.2.11.11 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.11:*:*:*:*:*:*:* |
fedoraproject | 389_directory_server | 1.2.11.12 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.12:*:*:*:*:*:*:* |
fedoraproject | 389_directory_server | 1.2.11.13 | cpe:2.3:a:fedoraproject:389_directory_server:1.2.11.13:*:*:*:*:*:*:* |