CVE-2024-8445

The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:7434
https://access.redhat.com/security/cve/CVE-2024-8445
https://bugzilla.redhat.com/show_bug.cgi?id=2310110

Configurations

No configuration.

History

01 Oct 2024, 06:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:7434 -
Summary		(es) La corrección de CVE-2024-2199 en 389-ds-base no fue suficiente para cubrir todos los escenarios. En ciertas versiones del producto, un usuario autenticado puede provocar un bloqueo del servidor al modificar `userPassword` mediante una entrada mal formada.

05 Sep 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-05 15:15

Updated : 2024-10-01 06:15

NVD link : CVE-2024-8445

Mitre link : CVE-2024-8445

CVE.ORG link : CVE-2024-8445

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

5.7 /10