PT-2024-5923 · Unknown+2 · 389-Ds-Base+2
Published: 2024-09-05 · Updated: 2025-03-16
CVE-2024-8445
CVSS v3.1: 5.7 (Medium)
Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
389-ds-base versions prior to the fixed version
Description
The issue arises from insufficient input validation, allowing an authenticated user to cause a server crash by modifying the userPassword using malformed input. This can lead to a denial of service, resulting in system unavailability.
Recommendations
For versions prior to the fixed version, patch immediately to resolve the issue.
As a temporary workaround, consider restricting access to the userPassword parameter to minimize the risk of exploitation.
Limit local network access to reduce the potential impact of the issue.
Affected Products
389-Ds-Base
Astra Linux
Debian