PT-2021-20660 · Neo4J · Neo4J Graph Database

Published

2021-07-27

Updated

2022-05-24

CVE-2021-34802

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Neo4j Graph Database versions 4.2 through 4.3

Description: A failure in resetting the security context in some transaction actions could allow authenticated users to execute commands with elevated privileges.

Recommendations: For Neo4j Graph Database versions 4.2 through 4.3, update to a version that includes the fix for this issue to prevent authenticated users from executing commands with elevated privileges.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2021-34802

GHSA-2W4H-F44W-968F

Affected Products

Neo4J Graph Database

PT-2021-20660 · Neo4J · Neo4J Graph Database

CVE-2021-34802

Weakness Enumeration

Related Identifiers

Affected Products

References · 6