CVE-2019-13057

Published: 26/07/2019 Updated: 24/08/2020
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

An issue exists in the server in OpenLDAP prior to 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

Vulnerable Product

openldap openldap

canonical ubuntu linux 19.04

canonical ubuntu linux 18.04

canonical ubuntu linux 16.04

Vendor Advisories

Debian Bug report logs - #932998 openldap: CVE-2019-13565 Package: src:openldap; Maintainer for src:openldap is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 25 Jul 2019 17:15:05 UTC Severity: important Tags: security, upstre ...
Several security issues were fixed in OpenLDAP ...
Debian Bug report logs - #932997 openldap: CVE-2019-13057 Package: src:openldap; Maintainer for src:openldap is Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 25 Jul 2019 17:15:02 UTC Severity: important Tags: security, upstre ...
Impact: Moderate Public Date: 2019-07-25 CWE: CWE-200 Bugzilla: 1730472: CVE-2019-13057 openldap: Infor ...
About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID when possible ...

Mailing Lists

APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra is now available and addresses the following: ATS Available for: macOS Catalina 10.15 Imp ...