CRITICAL🇵🇱 Wersja polska

CVE-2018-18389

CVSS 9.8v3.0pub. 2018-10-16upd. 2024-11-21

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Neo4j

    APP
    Neo4J
    3.4.0 – 3.4.9 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-34371CRITICAL9.8ten sam produkt

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java...

CVE-2024-34517MEDIUM6.5ten sam produkt

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an a...

CVE-2013-7259MEDIUM6.8ten sam produkt

Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the...

CVE-2026-1497LOW2.0ten sam produkt

Niepoprawne rozwiązywanie przestrzeni nazw w złożonych bazach danych w Neo4j Enterprise edition w wersjach prz...

CVE-2026-1337LOW1.1ten sam produkt

Niedostateczne maskowanie znaków unicode w dzienniku zapytań w Neo4j Enterprise i Community w wersjach przed 2...