openldap openldap CVE-2019-13057 vulnerability in Openldap and Other Products
Published on July 26, 2019

product logo product logo product logo product logo product logo product logo product logo
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2019-13057

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-13057 are published in these products:

Openldap
 
Canonical Ubuntu Linux
 
Debian Linux
 
OpenSuse Leap
 
Apple macOS
 
McAfee Policy Auditor
 
Oracle Solaris
 
Oracle Zfs Storage Appliance Kit
 
Oracle Blockchain Platform
 

Exploit Probability

EPSS
0.58%
Percentile
68.52%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.