CVE-2019-14824 (GCVE-0-2019-14824)
Vulnerability from cvelistv5 – Published: 2019-11-08 14:45 – Updated: 2025-02-13 16:27

| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2019:3981 | vendor-advisory, x_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2019… | mailing-list, x_refsource_MLIST |
| https://access.redhat.com/errata/RHSA-2020:0464 | vendor-advisory, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2023… | |
| Vendor | Product | Version | |
|---|---|---|---|
| [UNKNOWN] | 389-ds-base | Affected: n/a | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:26:39.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2019:3981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3981"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2004-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
},
{
"name": "RHSA-2020:0464",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0464"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the \u0027deref\u0027 plugin of 389-ds-base where it could use the \u0027search\u0027 permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T08:06:16.088Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2019:3981",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3981"
},
{
"name": "[debian-lts-announce] 20191129 [SECURITY] [DLA 2004-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
},
{
"name": "RHSA-2020:0464",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0464"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-14824",
"datePublished": "2019-11-08T14:45:46.000Z",
"dateReserved": "2019-08-10T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:22.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-14824",
"date": "2026-05-31",
"epss": "0.00401",
"percentile": "0.61035"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fedoraproject:389_directory_server:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65E209CD-4A5F-48F1-BA57-3145757D2C23\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in the \u0027deref\u0027 plugin of 389-ds-base where it could use the \u0027search\u0027 permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un fallo en el plugin \\\"deref\\\" de 389-ds-base, donde podr\\u00eda usar el permiso \\\"search\\\" para mostrar los valores de los atributos. En algunas configuraciones, esto podr\\u00eda permitir a un atacante autenticado visualizar atributos privados, tales como hashes de contrase\\u00f1as.\"}]",
"id": "CVE-2019-14824",
"lastModified": "2024-11-21T04:27:26.460",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV30\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:P/I:N/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-11-08T15:15:11.563",
"references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2019:3981\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0464\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3981\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0464\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-14824\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2019-11-08T15:15:11.563\",\"lastModified\":\"2024-11-21T04:27:26.460\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the \u0027deref\u0027 plugin of 389-ds-base where it could use the \u0027search\u0027 permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un fallo en el plugin \\\"deref\\\" de 389-ds-base, donde podr\u00eda usar el permiso \\\"search\\\" para mostrar los valores de los atributos. En algunas configuraciones, esto podr\u00eda permitir a un atacante autenticado visualizar atributos privados, tales como hashes de contrase\u00f1as.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\
":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:P/I:N/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:389_directory_server:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65E209CD-4A5F-48F1-BA57-3145757D2C23\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3981\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0464\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third 
Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0464\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14824\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
RHSA-2020:0464
Vulnerability from csaf_redhat - Published: 2020-02-10 19:55 - Updated: 2025-11-21 18:12

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch::389-ds:1.4 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.\n\nSecurity Fix(es):\n\n* 389-ds-base: Read permission check bypass via the deref plugin (CVE-2019-14824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0464",
"url": "https://access.redhat.com/errata/RHSA-2020:0464"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1747448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747448"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0464.json"
}
],
"title": "Red Hat Security Advisory: 389-ds:1.4 security update",
"tracking": {
"current_release_date": "2025-11-21T18:12:10+00:00",
"generator": {
"date": "2025-11-21T18:12:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2020:0464",
"initial_release_date": "2020-02-10T19:55:26+00:00",
"revision_history": [
{
"date": "2020-02-10T19:55:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-02-10T19:55:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:12:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product": {
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4)",
"product_id": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product": {
"name": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4)",
"product_id": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product": {
"name": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4)",
"product_id": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debugsource@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product": {
"name": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4)",
"product_id": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-devel@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product": {
"name": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4)",
"product_id": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-legacy-tools@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product": {
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4)",
"product_id": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-legacy-tools-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product": {
"name": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4)",
"product_id": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product": {
"name": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4)",
"product_id": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product": {
"name": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4)",
"product_id": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product": {
"name": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4)",
"product_id": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src::389-ds:1.4",
"product": {
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src (389-ds:1.4)",
"product_id": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=src\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch::389-ds:1.4",
"product": {
"name": "python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch (389-ds:1.4)",
"product_id": "python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-lib389@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=noarch\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product": {
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4)",
"product_id": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product": {
"name": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4)",
"product_id": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product": {
"name": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4)",
"product_id": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debugsource@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product": {
"name": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4)",
"product_id": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-devel@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product": {
"name": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4)",
"product_id": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-legacy-tools@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product": {
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4)",
"product_id": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-legacy-tools-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product": {
"name": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4)",
"product_id": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product": {
"name": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4)",
"product_id": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product": {
"name": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4)",
"product_id": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product": {
"name": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4)",
"product_id": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64\u0026rpmmod=389-ds:1.4:8000020191107193846:187e9a3f"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4"
},
"product_reference": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src::389-ds:1.4"
},
"product_reference": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4"
},
"product_reference": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4"
},
"product_reference": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4"
},
"product_reference": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4"
},
"product_reference": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4"
},
"product_reference": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4"
},
"product_reference": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4"
},
"product_reference": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4"
},
"product_reference": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4"
},
"product_reference": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4"
},
"product_reference": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4"
},
"product_reference": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4"
},
"product_reference": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4"
},
"product_reference": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4"
},
"product_reference": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4"
},
"product_reference": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4"
},
"product_reference": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4"
},
"product_reference": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4"
},
"product_reference": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4"
},
"product_reference": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch (389-ds:1.4) as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch::389-ds:1.4"
},
"product_reference": "python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch::389-ds:1.4",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Gerald Vogt"
],
"organization": "Deutsches Klimarechenzentrum"
}
],
"cve": "CVE-2019-14824",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-08-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1747448"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the \u0027deref\u0027 plugin of 389-ds-base where it could use the \u0027search\u0027 permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "389-ds-base: Read permission check bypass via the deref plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important when used in an IdM/IPA environment, where an ACI installed by default allows an authenticated attacker to use this flaw to retrieve the userPassword attribute of any user.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch::389-ds:1.4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14824"
},
{
"category": "external",
"summary": "RHBZ#1747448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747448"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14824"
},
{
"category": "external",
"summary": "https://pagure.io/389-ds-base/issue/50716",
"url": "https://pagure.io/389-ds-base/issue/50716"
}
],
"release_date": "2019-11-04T09:14:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-10T19:55:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch::389-ds:1.4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64::389-ds:1.4",
"AppStream-8.0.0.Z.E4S:python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch::389-ds:1.4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "389-ds-base: Read permission check bypass via the deref plugin"
}
]
}
RHSA-2020_0464
Vulnerability from csaf_redhat - Published: 2020-02-10 19:55 - Updated: 2024-11-22 13:22
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.\n\nSecurity Fix(es):\n\n* 389-ds-base: Read permission check bypass via the deref plugin (CVE-2019-14824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0464",
"url": "https://access.redhat.com/errata/RHSA-2020:0464"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1747448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747448"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0464.json"
}
],
"title": "Red Hat Security Advisory: 389-ds:1.4 security update",
"tracking": {
"current_release_date": "2024-11-22T13:22:57+00:00",
"generator": {
"date": "2024-11-22T13:22:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2020:0464",
"initial_release_date": "2020-02-10T19:55:26+00:00",
"revision_history": [
{
"date": "2020-02-10T19:55:26+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-02-10T19:55:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T13:22:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds:1.4:8000020191107193846:187e9a3f",
"product": {
"name": "389-ds:1.4:8000020191107193846:187e9a3f",
"product_id": "389-ds:1.4:8000020191107193846:187e9a3f",
"product_identification_helper": {
"purl": "pkg:rpmmod/redhat/389-ds@1.4:8000020191107193846:187e9a3f"
}
}
},
{
"category": "product_version",
"name": "python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch",
"product": {
"name": "python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch",
"product_id": "python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-lib389@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product": {
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_id": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product": {
"name": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_id": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product": {
"name": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_id": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debugsource@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product": {
"name": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_id": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-devel@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product": {
"name": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_id": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-legacy-tools@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product": {
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_id": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-legacy-tools-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product": {
"name": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_id": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product": {
"name": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_id": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product": {
"name": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_id": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product": {
"name": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_id": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src",
"product": {
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src",
"product_id": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product": {
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_id": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product": {
"name": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_id": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product": {
"name": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_id": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debugsource@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product": {
"name": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_id": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-devel@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product": {
"name": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_id": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-legacy-tools@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product": {
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_id": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-legacy-tools-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product": {
"name": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_id": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product": {
"name": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_id": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product": {
"name": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_id": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product": {
"name": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_id": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@1.4.0.20-10.1.module%2Bel8.0.0%2B4597%2B364a3066?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
"product_reference": "389-ds:1.4:8000020191107193846:187e9a3f",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le"
},
"product_reference": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src"
},
"product_reference": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64"
},
"product_reference": "389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le"
},
"product_reference": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64"
},
"product_reference": "389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le"
},
"product_reference": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64"
},
"product_reference": "389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le"
},
"product_reference": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64"
},
"product_reference": "389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le"
},
"product_reference": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64"
},
"product_reference": "389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le"
},
"product_reference": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64"
},
"product_reference": "389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le"
},
"product_reference": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64"
},
"product_reference": "389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le"
},
"product_reference": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64"
},
"product_reference": "389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le"
},
"product_reference": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64"
},
"product_reference": "389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le"
},
"product_reference": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64 as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64"
},
"product_reference": "389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch as a component of 389-ds:1.4:8000020191107193846:187e9a3f as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.0)",
"product_id": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch"
},
"product_reference": "python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch",
"relates_to_product_reference": "AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Gerald Vogt"
],
"organization": "Deutsches Klimarechenzentrum"
}
],
"cve": "CVE-2019-14824",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-08-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1747448"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the \u0027deref\u0027 plugin of 389-ds-base where it could use the \u0027search\u0027 permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "389-ds-base: Read permission check bypass via the deref plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important when used in an IdM/IPA environment, where an ACI installed by default allows an authenticated attacker to use this flaw to retrieve the userPassword attribute of any user.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14824"
},
{
"category": "external",
"summary": "RHBZ#1747448",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747448"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14824"
},
{
"category": "external",
"summary": "https://pagure.io/389-ds-base/issue/50716",
"url": "https://pagure.io/389-ds-base/issue/50716"
}
],
"release_date": "2019-11-04T09:14:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-10T19:55:26+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0464"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.src",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-debugsource-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-devel-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-legacy-tools-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-libs-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.ppc64le",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:389-ds-base-snmp-debuginfo-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.x86_64",
"AppStream-8.0.0.Z.E4S:389-ds:1.4:8000020191107193846:187e9a3f:python3-lib389-0:1.4.0.20-10.1.module+el8.0.0+4597+364a3066.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "389-ds-base: Read permission check bypass via the deref plugin"
}
]
}
VAR-201911-1016
Vulnerability from variot - Updated: 2023-12-18 10:51
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. 389-ds-base contains a vulnerability in the use of freed memory. Information may be obtained. [Note: this record's problem-type data lists both CWE-732 and CWE-416; the freed-memory wording appears to correspond to the latter and does not match the permission-check bypass described by the advisory text.] Red Hat 389 Directory Server (formerly known as Fedora Directory Server) is an enterprise-class Linux directory server from Red Hat. The server fully supports the LDAPv3 specification and features scalable, multi-master replication. Deref is one of its plugins.
The deref plugin in Red Hat 389 Directory Server has a permission check bypass vulnerability that an attacker can use to view private properties.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: 389-ds-base security and bug fix update
Advisory ID: RHSA-2019:3981-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:3981
Issue date: 2019-11-26
CVE Names: CVE-2019-14824
====================================================================
1.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
-
7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64
-
The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
Security Fix(es):
- 389-ds-base: Read permission check bypass via the deref plugin (CVE-2019-14824)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
DB Deadlock on modrdn appears to corrupt database and entry cache (BZ#1749289)
-
After audit log file is rotated, DS version string is logged after each update (BZ#1754831)
-
Extremely slow LDIF import with ldif2db (BZ#1763622)
-
ns-slapd crash on concurrent SASL BINDs, connection_call_io_layer_callbacks must hold hold c_mutex (BZ#1763627)
-
CleanAllRUV task limit not enforced (BZ#1767622)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the 389 server service will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1747448 - CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin
1749289 - DB Deadlock on modrdn appears to corrupt database and entry cache [rhel-7.7.z]
1754831 - After audit log file is rotated, DS version string is logged after each update [rhel-7.7.z]
1763622 - Extremely slow LDIF import with ldif2db [rhel-7.7.z]
1763627 - ns-slapd crash on concurrent SASL BINDs, connection_call_io_layer_callbacks must hold hold c_mutex [rhel-7.7.z]
1767622 - CleanAllRUV task limit not enforced [rhel-7.7.z]
- 7):
Source: 389-ds-base-1.3.9.1-12.el7_7.src.rpm
ppc64: 389-ds-base-1.3.9.1-12.el7_7.ppc64.rpm 389-ds-base-debuginfo-1.3.9.1-12.el7_7.ppc64.rpm 389-ds-base-devel-1.3.9.1-12.el7_7.ppc64.rpm 389-ds-base-libs-1.3.9.1-12.el7_7.ppc64.rpm 389-ds-base-snmp-1.3.9.1-12.el7_7.ppc64.rpm
ppc64le: 389-ds-base-debuginfo-1.3.9.1-12.el7_7.ppc64le.rpm 389-ds-base-devel-1.3.9.1-12.el7_7.ppc64le.rpm 389-ds-base-snmp-1.3.9.1-12.el7_7.ppc64le.rpm
s390x: 389-ds-base-1.3.9.1-12.el7_7.s390x.rpm 389-ds-base-debuginfo-1.3.9.1-12.el7_7.s390x.rpm 389-ds-base-devel-1.3.9.1-12.el7_7.s390x.rpm 389-ds-base-libs-1.3.9.1-12.el7_7.s390x.rpm 389-ds-base-snmp-1.3.9.1-12.el7_7.s390x.rpm
x86_64: 389-ds-base-debuginfo-1.3.9.1-12.el7_7.x86_64.rpm 389-ds-base-devel-1.3.9.1-12.el7_7.x86_64.rpm 389-ds-base-snmp-1.3.9.1-12.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
x86_64: 389-ds-base-debuginfo-1.3.9.1-12.el7_7.x86_64.rpm 389-ds-base-devel-1.3.9.1-12.el7_7.x86_64.rpm 389-ds-base-snmp-1.3.9.1-12.el7_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-14824 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXd0wD9zjgjWX9erEAQgHUg/+N9VdnQDmeRiQopeSvr69XIUMytjLbwk1 qzX1z2FUIjJCHOFrxGq43aellPmu2K+opzhvrcpSaOgxBIAHScPI6dVtkdpUp9hU ijFv8+W9SYKOWw7I1jujBvV9VC+bPcrtju2CMl381tEOqJEiWB1241OSCq5LFFE6 /EyyLW8cTONmY09mmPJozHMshAypKUcPuWICO3iWS+F057h5H6sDgNUCX/ohonnk H+x5by1atY2Q013Crbyr/bJ+Gdp3aaULLaAOKPgd+98DeSCSl+trbbkNwXtj56Tb HqKz2ECOH49VsEUjlxYGiNTV3XraRWWEcAKmlwGsyFQbU2A+T8hBBXhGMHhQv8+f OE/kOH7nE9mTXM2k2XTKn8uZvMDUKipM/A4tFwg3l47GELZ/HjF6I0pYF5fy1bUR HHzaYbL+Q2LZR2Zyka0x4vtqeY4fXyTrM7/8umN5yzdtwkPUpTArFj2ATPB3ZtKH tlfwpd+WA90xT0/34ToRXyMneSiE0siLLr0xRAHTfbX/OpXipT7amSLwhA9xtqNK CclPFA20ediujwvVxY3Wd+Ch/LC9uyeAJfp08FPZHbIorMKhSmGtVzWBIS3XtF+7 N5NOXZ5kZo8kmC+9kr0bTutifb5QY+IuLZyUdkQPoj9+oYVJOy612g8CPCSWzzO/ 8ANLdd053bc=rS+e -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8.0) - noarch, ppc64le, x86_64
- Bugs fixed (https://bugzilla.redhat.com/):
1747448 - CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin
-
8) - aarch64, noarch, ppc64le, s390x, x86_64
The following packages have been upgraded to a later upstream version: 389-ds-base (1.4.1.3). Bugs fixed (https://bugzilla.redhat.com/):
1591480 - CVE-2018-10871 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default
1654056 - /usr/lib/systemd/system/dirsrv@.service:40: .include directives are deprecated
1654059 - CVE-2019-10224 389-ds-base: using dscreate in verbose mode results in information disclosure [rhel-8]
1677147 - CVE-2019-10224 389-ds-base: using dscreate in verbose mode results in information disclosure
1678517 - ipa role-mod DatabaseError changing cn
1693612 - CVE-2019-3883 389-ds-base: DoS via hanging secured connections
1702024 - Cannot create Directory Server's instances using dscreate
1706224 - Protocol setting is inconsistent in FIPS mode
1712467 - Rebase 389-ds-base on RHEL 8.1
1715675 - Fix potential ipv6 issues
1717540 - Address covscan warnings
1720331 - Log the actual base DN when the search fails with "invalid attribute request".
1725815 - consistency in the replication error codes while setting nsds5replicaid=65535
1729069 - IPA upgrade fails for latest ipa package when setup in multi master mode
1739183 - CleanAllRUV task limit not enforced
1747448 - CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin
6
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "389 directory server",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "389 directory server",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "hat directory server",
"scope": "eq",
"trust": 0.6,
"vendor": "red",
"version": "389"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40300"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011844"
},
{
"db": "NVD",
"id": "CVE-2019-14824"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:fedoraproject:389_directory_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14824"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "155470"
},
{
"db": "PACKETSTORM",
"id": "156280"
},
{
"db": "PACKETSTORM",
"id": "155127"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-089"
}
],
"trust": 0.9
},
"cve": "CVE-2019-14824",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-14824",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-40300",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-14824",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-14824",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-14824",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-40300",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-089",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40300"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011844"
},
{
"db": "NVD",
"id": "CVE-2019-14824"
},
{
"db": "NVD",
"id": "CVE-2019-14824"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-089"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was found in the \u0027deref\u0027 plugin of 389-ds-base where it could use the \u0027search\u0027 permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes. 389-ds-base Contains a vulnerability in the use of freed memory.Information may be obtained. Red Hat 389 Directory Server (formerly known as Fedora Directory Server) is an enterprise-class Linux directory server from Red Hat. The server fully supports the LDAPv3 specification and features scalable, multi-master replication. Deref is one of the deref plugins. \n\nThe deref plugin in Red Hat 389 Directory Server has a permission check bypass vulnerability that an attacker can use to view private properties. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: 389-ds-base security and bug fix update\nAdvisory ID: RHSA-2019:3981-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:3981\nIssue date: 2019-11-26\nCVE Names: CVE-2019-14824\n====================================================================\n1. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. The\nbase packages include the Lightweight Directory Access Protocol (LDAP)\nserver and command-line utilities for server administration. 
\n\nSecurity Fix(es):\n\n* 389-ds-base: Read permission check bypass via the deref plugin\n(CVE-2019-14824)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* DB Deadlock on modrdn appears to corrupt database and entry cache\n(BZ#1749289)\n\n* After audit log file is rotated, DS version string is logged after each\nupdate (BZ#1754831)\n\n* Extremely slow LDIF import with ldif2db (BZ#1763622)\n\n* ns-slapd crash on concurrent SASL BINDs,\nconnection_call_io_layer_callbacks must hold hold c_mutex (BZ#1763627)\n\n* CleanAllRUV task limit not enforced (BZ#1767622)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the 389 server service will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1747448 - CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin\n1749289 - DB Deadlock on modrdn appears to corrupt database and entry cache [rhel-7.7.z]\n1754831 - After audit log file is rotated, DS version string is logged after each update [rhel-7.7.z]\n1763622 - Extremely slow LDIF import with ldif2db [rhel-7.7.z]\n1763627 - ns-slapd crash on concurrent SASL BINDs, connection_call_io_layer_callbacks must hold hold c_mutex [rhel-7.7.z]\n1767622 - CleanAllRUV task limit not enforced [rhel-7.7.z]\n\n6. 
7):\n\nSource:\n389-ds-base-1.3.9.1-12.el7_7.src.rpm\n\nppc64:\n389-ds-base-1.3.9.1-12.el7_7.ppc64.rpm\n389-ds-base-debuginfo-1.3.9.1-12.el7_7.ppc64.rpm\n389-ds-base-devel-1.3.9.1-12.el7_7.ppc64.rpm\n389-ds-base-libs-1.3.9.1-12.el7_7.ppc64.rpm\n389-ds-base-snmp-1.3.9.1-12.el7_7.ppc64.rpm\n\nppc64le:\n389-ds-base-debuginfo-1.3.9.1-12.el7_7.ppc64le.rpm\n389-ds-base-devel-1.3.9.1-12.el7_7.ppc64le.rpm\n389-ds-base-snmp-1.3.9.1-12.el7_7.ppc64le.rpm\n\ns390x:\n389-ds-base-1.3.9.1-12.el7_7.s390x.rpm\n389-ds-base-debuginfo-1.3.9.1-12.el7_7.s390x.rpm\n389-ds-base-devel-1.3.9.1-12.el7_7.s390x.rpm\n389-ds-base-libs-1.3.9.1-12.el7_7.s390x.rpm\n389-ds-base-snmp-1.3.9.1-12.el7_7.s390x.rpm\n\nx86_64:\n389-ds-base-debuginfo-1.3.9.1-12.el7_7.x86_64.rpm\n389-ds-base-devel-1.3.9.1-12.el7_7.x86_64.rpm\n389-ds-base-snmp-1.3.9.1-12.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nx86_64:\n389-ds-base-debuginfo-1.3.9.1-12.el7_7.x86_64.rpm\n389-ds-base-devel-1.3.9.1-12.el7_7.x86_64.rpm\n389-ds-base-snmp-1.3.9.1-12.el7_7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-14824\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXd0wD9zjgjWX9erEAQgHUg/+N9VdnQDmeRiQopeSvr69XIUMytjLbwk1\nqzX1z2FUIjJCHOFrxGq43aellPmu2K+opzhvrcpSaOgxBIAHScPI6dVtkdpUp9hU\nijFv8+W9SYKOWw7I1jujBvV9VC+bPcrtju2CMl381tEOqJEiWB1241OSCq5LFFE6\n/EyyLW8cTONmY09mmPJozHMshAypKUcPuWICO3iWS+F057h5H6sDgNUCX/ohonnk\nH+x5by1atY2Q013Crbyr/bJ+Gdp3aaULLaAOKPgd+98DeSCSl+trbbkNwXtj56Tb\nHqKz2ECOH49VsEUjlxYGiNTV3XraRWWEcAKmlwGsyFQbU2A+T8hBBXhGMHhQv8+f\nOE/kOH7nE9mTXM2k2XTKn8uZvMDUKipM/A4tFwg3l47GELZ/HjF6I0pYF5fy1bUR\nHHzaYbL+Q2LZR2Zyka0x4vtqeY4fXyTrM7/8umN5yzdtwkPUpTArFj2ATPB3ZtKH\ntlfwpd+WA90xT0/34ToRXyMneSiE0siLLr0xRAHTfbX/OpXipT7amSLwhA9xtqNK\nCclPFA20ediujwvVxY3Wd+Ch/LC9uyeAJfp08FPZHbIorMKhSmGtVzWBIS3XtF+7\nN5NOXZ5kZo8kmC+9kr0bTutifb5QY+IuLZyUdkQPoj9+oYVJOy612g8CPCSWzzO/\n8ANLdd053bc=rS+e\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8.0) - noarch, ppc64le, x86_64\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1747448 - CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin\n\n6. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nThe following packages have been upgraded to a later upstream version:\n389-ds-base (1.4.1.3). 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1591480 - CVE-2018-10871 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default\n1654056 - /usr/lib/systemd/system/dirsrv@.service:40: .include directives are deprecated\n1654059 - CVE-2019-10224 389-ds-base: using dscreate in verbose mode results in information disclosure [rhel-8]\n1677147 - CVE-2019-10224 389-ds-base: using dscreate in verbose mode results in information disclosure\n1678517 - ipa role-mod DatabaseError changing cn\n1693612 - CVE-2019-3883 389-ds-base: DoS via hanging secured connections\n1702024 - Cannot create Directory Server\u0027s instances using dscreate\n1706224 - Protocol setting is inconsistent in FIPS mode\n1712467 - Rebase 389-ds-base on RHEL 8.1\n1715675 - Fix potential ipv6 issues\n1717540 - Address covscan warnings\n1720331 - Log the actual base DN when the search fails with \"invalid attribute request\". \n1725815 - consistency in the replication error codes while setting nsds5replicaid=65535\n1729069 - IPA upgrade fails for latest ipa package when setup in multi master mode\n1739183 - CleanAllRUV task limit not enforced\n1747448 - CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-14824"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011844"
},
{
"db": "CNVD",
"id": "CNVD-2019-40300"
},
{
"db": "PACKETSTORM",
"id": "155470"
},
{
"db": "PACKETSTORM",
"id": "156280"
},
{
"db": "PACKETSTORM",
"id": "155127"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-14824",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011844",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "155470",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156280",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-40300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0474",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4108",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4488",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4521",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2312",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-089",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155127",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40300"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011844"
},
{
"db": "PACKETSTORM",
"id": "155470"
},
{
"db": "PACKETSTORM",
"id": "156280"
},
{
"db": "PACKETSTORM",
"id": "155127"
},
{
"db": "NVD",
"id": "CVE-2019-14824"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-089"
}
]
},
"id": "VAR-201911-1016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40300"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40300"
}
]
},
"last_update_date": "2023-12-18T10:51:42.568000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://directory.fedoraproject.org/"
},
{
"title": "Bug 1747448",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14824"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011844"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "CWE-416",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011844"
},
{
"db": "NVD",
"id": "CVE-2019-14824"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3981"
},
{
"trust": 2.3,
"url": "https://access.redhat.com/errata/rhsa-2020:0464"
},
{
"trust": 2.2,
"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00036.html"
},
{
"trust": 2.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14824"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14824"
},
{
"trust": 1.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-14824"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2019:3401"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14824"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/errata/rhsa-2019"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1747448"
},
{
"trust": 0.6,
"url": "https://pagure.io/389-ds-base/issue/50716"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0474/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4108/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155470/red-hat-security-advisory-2019-3981-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2312"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4488/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4521/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/389-directory-server-information-disclosure-via-deref-plugin-30987"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156280/red-hat-security-advisory-2020-0464-01.html"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3883"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10224"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10871"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10871"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40300"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011844"
},
{
"db": "PACKETSTORM",
"id": "155470"
},
{
"db": "PACKETSTORM",
"id": "156280"
},
{
"db": "PACKETSTORM",
"id": "155127"
},
{
"db": "NVD",
"id": "CVE-2019-14824"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-089"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-40300"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011844"
},
{
"db": "PACKETSTORM",
"id": "155470"
},
{
"db": "PACKETSTORM",
"id": "156280"
},
{
"db": "PACKETSTORM",
"id": "155127"
},
{
"db": "NVD",
"id": "CVE-2019-14824"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-089"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40300"
},
{
"date": "2019-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011844"
},
{
"date": "2019-11-26T17:22:54",
"db": "PACKETSTORM",
"id": "155470"
},
{
"date": "2020-02-10T21:03:06",
"db": "PACKETSTORM",
"id": "156280"
},
{
"date": "2019-11-06T15:37:05",
"db": "PACKETSTORM",
"id": "155127"
},
{
"date": "2019-11-08T15:15:11.563000",
"db": "NVD",
"id": "CVE-2019-14824"
},
{
"date": "2019-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-089"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40300"
},
{
"date": "2019-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011844"
},
{
"date": "2023-04-24T09:15:07.710000",
"db": "NVD",
"id": "CVE-2019-14824"
},
{
"date": "2023-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-089"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-089"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "389-ds-base Uses freed memory vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011844"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-089"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.