3 matches found
CVE-2018-18389
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password...
com.graphaware.neo4j:server (>=3.4.0.52 <=3.4.12.52), com.graphaware.neo4j:tests (>=3.4.0.52 <=3.4.12.52) +17 more potentially affected by CVE-2018-18389 via org.neo4j:neo4j-enterprise (>=3.4.0 <=3.4.8)
org.neo4j:neo4j-enterprise MAVEN version =3.4.0, =3.4.0.52, =3.4.0.52, =3.0.0, =2.1.5, =2.1.5, =2.1.5, =2.1.5, =3.4.0, =3.4.0, =0.1.9, =0.2.7 and more Source cves: CVE-2018-18389 Source advisory: OSV:GHSA-H5F5-RJ4R-42F6...
CVE-2018-18389
CVE-2018-18389 affects Neo4j Enterprise Database Server 3.4.x prior to 3.4.9. The issue is due to incorrect access control around LDAP authentication (STARTTLS) and the System Account, allowing an attacker to log in with any valid username and an arbitrary password. Impact in sources is unauthori...