Advisory ROSA-SA-2023-2237

2023-09-19 09:31:12
ROSA LAB
abf.rosalinux.ru
9

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 6.4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.002 Low
Percentile: 56.8%

SOFTWARE: 389-ds-base 1.4.4.4.4.
OS: ROSA-CHROME

package_evr_string: 389-ds-base-1.4.4.4-12.src.rpm

CVE-ID: CVE-2021-3652
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A flaw was found in 389-ds-base. If an asterisk is imported as a password hash, either accidentally or maliciously, then instead of the account being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password has been disabled.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: sudo dnf update 389-ds-base

CVE-ID: CVE-2022-1949
BDU-ID: 2022-04434
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the search filter (ldbm_search.c) of the 389 Directory Server is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command: sudo dnf update 389-ds-base
