MEDIUM🇵🇱 Wersja polska

CVE-2024-34517

CVSS 6.5v3.1pub. 2024-05-07upd. 2025-04-21

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
  • Neo4j

    APP
    Neo4J
    5.0.0 – 5.19.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-34371CRITICAL9.8ten sam produkt

Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java...

CVE-2018-18389CRITICAL9.8ten sam produkt

Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP fo...

CVE-2013-7259MEDIUM6.8ten sam produkt

Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the...

CVE-2026-1497LOW2.0ten sam produkt

Niepoprawne rozwiązywanie przestrzeni nazw w złożonych bazach danych w Neo4j Enterprise edition w wersjach prz...

CVE-2026-1337LOW1.1ten sam produkt

Niedostateczne maskowanie znaków unicode w dzienniku zapytań w Neo4j Enterprise i Community w wersjach przed 2...