CVE-2018-18389

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-18389
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18389.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-18389
Aliases
Withdrawn
2024-05-15T05:33:09.069092Z
Published
2018-10-16T18:29:01Z
Modified
2023-11-29T06:31:17.091600Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, configuring LDAP for authentication with STARTTLS and System Account for authorization allows an attacker to log into the server by sending any valid username with an arbitrary password.

References

Affected packages

Git / github.com/neo4j/neo4j

Affected ranges

Type
GIT
Repo
https://github.com/neo4j/neo4j
Events

Affected versions

3.*

3.1.9
3.2.12
3.2.13
3.3.6
3.3.7
3.3.8
3.4.0
3.4.1
3.4.2
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8