Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x prior to 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an malicious user to log into the server by sending any valid username with an arbitrary password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
neo4j neo4j |