PT-2022-3649 · Unknown+5 · 389-Ds-Base+5

Sandipan Roy

Published

2022-02-22

Updated

2024-12-13

CVE-2022-1949

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions 389-ds-base (affected versions not specified)

Description The issue is related to an access control bypass vulnerability. It involves the mishandling of a filter that yields incorrect results, allowing any remote unauthenticated user to issue a filter and potentially access sensitive data, including userPassword hashes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

IDOR

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-639CWE-863

Related Identifiers

ALT-PU-2022-2754

ALT-PU-2022-2971

BDU:2022-04434

CVE-2022-1949

MGASA-2022-0239

OESA-2024-2164

OESA-2024-2165

OESA-2024-2167

OESA-2024-2168

OPENSUSE-SU-2022_2081-1

OPENSUSE-SU-2022_2295-1

OPENSUSE-SU-2024:12113-1

SUSE-SU-2022:2081-1

SUSE-SU-2022:2105-1

SUSE-SU-2022:2109-1

SUSE-SU-2022:2163-1

SUSE-SU-2022:2295-1

Affected Products

389-Ds-Base

Alt Linux

Astra Linux

Debian

Red Os

Suse

PT-2022-3649 · Unknown+5 · 389-Ds-Base+5

CVE-2022-1949

Weakness Enumeration

Related Identifiers

Affected Products

References · 56