4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.1 Medium
AI Score
Confidence
High
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
50.7%
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html
lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html
seclists.org/fulldisclosure/2019/Dec/26
kc.mcafee.com/corporate/index?page=content&id=SB10365
lists.debian.org/debian-lts-announce/2019/08/msg00024.html
seclists.org/bugtraq/2019/Dec/23
security.netapp.com/advisory/ntap-20190822-0004/
support.apple.com/kb/HT210788
usn.ubuntu.com/4078-1/
usn.ubuntu.com/4078-2/
www.openldap.org/its/?findid=9038
www.openldap.org/lists/openldap-announce/201907/msg00001.html
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpuapr2022.html
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.1 Medium
AI Score
Confidence
High
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
50.7%