CVE-2021-35943 — Improper Authentication in Server

CWE-287 — Improper Authentication CWE-863 — Incorrect Authorization3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 32.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Couchbase Server

Timeline

PublishedSep 29

Latest updateMay 24

Description

Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDcouchbase/couchbase_server6.6.0 — 6.6.3+1

🔴Vulnerability Details

GHSA

GHSA-cm7f-fcwh-gc62: Couchbase Server 6↗2022-05-24

▶

CVEList

CVE-2021-35943: Couchbase Server 6↗2021-09-29

▶