CVE-2014-9713
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
01/04/2015
Last modified:
12/04/2025
Description
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.
Impact
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openldap:openldap:2.4.37:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.debian.org/security/2015/dsa-3209
- http://www.openwall.com/lists/oss-security/2015/03/29/2
- http://www.securityfocus.com/bid/73217
- http://www.ubuntu.com/usn/USN-2742-1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406
- http://www.debian.org/security/2015/dsa-3209
- http://www.openwall.com/lists/oss-security/2015/03/29/2
- http://www.securityfocus.com/bid/73217
- http://www.ubuntu.com/usn/USN-2742-1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406