CVE-2018-18389

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.
References
Link Resource
https://github.com/neo4j/neo4j/issues/12047 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:neo4j:neo4j:*:*:*:*:enterprise:*:*:*

Information

Published : 2018-10-16 11:29

Updated : 2019-01-18 08:25


NVD link : CVE-2018-18389

Mitre link : CVE-2018-18389


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

neo4j

  • neo4j