neo4j-security-enterprise is vulnerable to an authorization bypass. The library does not properly reject failed login attempts during the STARTTLS
operation, allowing a malicious user to log into the server with an existing username and an arbitrary password.
CPE

Name | Operator | Version |
---|---|---|
neo4j - enterprise graph database security features | le | 3.4.8 |