389 Directory Server Red Hat 389 Directory Server

Do you want an email whenever new security vulnerabilities are reported in Red Hat 389 Directory Server?

By the Year

In 2022 there have been 1 vulnerability in Red Hat 389 Directory Server with an average score of 7.5 out of ten. Last year 389 Directory Server had 2 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2022 is greater by 1.60.

Year Vulnerabilities Average Score
2022 1 7.50
2021 2 5.90
2020 0 0.00
2019 0 0.00
2018 1 6.50

It may take a day or so for new 389 Directory Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat 389 Directory Server Security Vulnerabilities

A vulnerability was found in the 389 Directory Server

CVE-2022-0996 7.5 - High - March 23, 2022

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

Insufficient Session Expiration

When using a sync_repl client in 389-ds-base, an authenticated attacker

CVE-2021-3514 6.5 - Medium - May 28, 2021

When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.

NULL Pointer Dereference

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not

CVE-2020-35518 5.3 - Medium - March 26, 2021

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Information Disclosure

A flaw was found in the 389 Directory Server

CVE-2018-10935 6.5 - Medium - September 11, 2018

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.

Improper Input Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat 389 Directory Server or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe