CVE-2020-15719
published 2020-07-14CVE-2020-15719: libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN…
medium4.2CVSS 3.1
AVNACHPRNUIRSUCLILAN
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openldap | — | — |
| mcafee | policy_auditor | < 6.5.1 | 6.5.1 |
| openldap | openldap | < 2.4.46-10.el8 | 2.4.46-10.el8 |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| oracle | blockchain_platform | < 21.1.2 | 21.1.2 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.14.2MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
osv4.2MEDIUM