CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS: 0.001 Low
Percentile: 38.5%
SOFTWARE: 389-ds-base 1.4.3.8
OS: ROSA Virtualization 2.1
package_evr_string: 389-ds-base-1.4.3.8.src.rpm
CVE-ID: CVE-2021-3652
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A flaw was found in 389-ds-base. If an asterisk is imported as a password hash, either accidentally or maliciously, then instead of the password being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password has been disabled.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: yum update 389-ds-base