CVE-2018-18389

Source
https://cve.org/CVERecord?id=CVE-2018-18389
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18389.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-18389
Aliases
Published
2018-10-16T18:29:01.550Z
Modified
2026-03-14T09:28:32.290058Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, a configuration that uses LDAP with STARTTLS for authentication and a System Account for authorization allows an attacker to log into the server by sending any valid username with an arbitrary password.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "3.4.0"
            },
            {
                "fixed": "3.4.9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "3.4.x"
            },
            {
                "fixed": "3.4.9"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18389.json"