Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.
References
Link | Resource |
---|---|
https://github.com/neo4j/neo4j/issues/12047 | Exploit Third Party Advisory |
Configurations
Information
Published : 2018-10-16 11:29
Updated : 2019-01-18 08:25
NVD link : CVE-2018-18389
Mitre link : CVE-2018-18389
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
neo4j
- neo4j