← voltar
CVE-2020-35518

CVE-2020-35518

EPSS 1.5%CWE-200
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
26 mar 2021Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Produtos afetados
n/a · 389-ds-base

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.redhat.com/show_bug.cgi?id=1905565https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bchttps://github.com/389ds/389-ds-base/issues/4480