CVE-2014-9713 — Openldap vulnerability

CWE-2646 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.1%

top 65.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openldap Debian Openldap Debian Linux

Timeline

PublishedApr 1

Latest updateMay 17

Description

The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/openldap< openldap 2.4.40-2 (bookworm)

▶Debianopenldap/openldap< 2.4.40-2+3

▶Ubuntuopenldap/openldap< 2.4.31-1+nmu2ubuntu8.2

▶NVDopenldap/openldap17 versions+16

Also affects: Debian Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-jf44-946v-6x9w: The default slapd configuration in the Debian openldap package 2↗2022-05-17

▶

OSV

openldap vulnerabilities↗2015-09-16

▶

OSV

CVE-2014-9713: The default slapd configuration in the Debian openldap package 2↗2015-04-01

▶

📋Vendor Advisories

Ubuntu

OpenLDAP vulnerabilities↗2015-09-16

▶

Debian

CVE-2014-9713: openldap - The default slapd configuration in the Debian openldap package 2.4.23-3 through ...↗2014

▶