Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-0996 (GCVE-0-2022-0996)
Vulnerability from cvelistv5 – Published: 2022-03-23 19:46 – Updated: 2025-11-03 20:34
VLAI
EPSS
Summary
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
Severity
No CVSS data available.
CWE
- Impoper Authentication
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2064769 | x_refsource_MISC |
| https://github.com/ByteHackr/389-ds-base | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2023… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | 389-ds-base |
Affected:
1.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:34:34.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ByteHackr/389-ds-base"
},
{
"name": "FEDORA-2022-40544b5314",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"
},
{
"name": "FEDORA-2022-2558f14c58",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Impoper Authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-24T08:06:14.526Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ByteHackr/389-ds-base"
},
{
"name": "FEDORA-2022-40544b5314",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"
},
{
"name": "FEDORA-2022-2558f14c58",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0996",
"datePublished": "2022-03-23T19:46:16.000Z",
"dateReserved": "2022-03-16T00:00:00.000Z",
"dateUpdated": "2025-11-03T20:34:34.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-0996",
"date": "2026-05-27",
"epss": "0.0019",
"percentile": "0.40492"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:389_directory_server:1.4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BE7A73C-5B0C-442D-A542-5FE5F249FB28\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una vulnerabilidad en 389 Directory Server que permite que las contrase\\u00f1as caducadas accedan a la base de datos para causar una autenticaci\\u00f3n inapropiada\"}]",
"id": "CVE-2022-0996",
"lastModified": "2024-11-21T06:39:49.373",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-03-23T20:15:10.713",
"references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2064769\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/ByteHackr/389-ds-base\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2064769\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/ByteHackr/389-ds-base\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-0996\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-03-23T20:15:10.713\",\"lastModified\":\"2025-11-03T21:15:50.323\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en 389 Directory Server que permite que las contrase\u00f1as caducadas accedan a la base de datos para causar una autenticaci\u00f3n inapropiada\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:389_directory_server:1.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BE7A73C-5B0C-442D-A542-5FE5F249FB28\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2064769\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/ByteHackr/389-ds-base\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2064769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/ByteHackr/389-ds-base\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
alsa-2022:5823
Vulnerability from osv_almalinux
Published
2022-08-02 00:00
Modified
2022-08-05 15:09
Summary
Moderate: 389-ds:1.4 security update
Details
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): * 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918) * 389-ds-base: expired password was still allowed to access the database (CVE-2022-0996) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "389-ds-base"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.3.28-7.module_el8.6.0+3071+d20b1d7c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "389-ds-base-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.3.28-7.module_el8.6.0+3071+d20b1d7c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "389-ds-base-legacy-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.3.28-7.module_el8.6.0+3071+d20b1d7c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "389-ds-base-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.3.28-7.module_el8.6.0+3071+d20b1d7c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "389-ds-base-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.3.28-7.module_el8.6.0+3071+d20b1d7c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3-lib389"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.3.28-7.module_el8.6.0+3071+d20b1d7c"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. \nSecurity Fix(es):\n* 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918)\n* 389-ds-base: expired password was still allowed to access the database (CVE-2022-0996)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:5823",
"modified": "2022-08-05T15:09:11Z",
"published": "2022-08-02T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:5823"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-0918"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-0996"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2055815"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2064769"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-5823.html"
}
],
"related": [
"CVE-2022-0918",
"CVE-2022-0996"
],
"summary": "Moderate: 389-ds:1.4 security update"
}
alsa-2022:8162
Vulnerability from osv_almalinux
Published
2022-11-15 00:00
Modified
2022-11-18 03:52
Summary
Moderate: 389-ds-base security, bug fix, and enhancement update
Details
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
The following packages have been upgraded to a later upstream version: 389-ds-base (2.1.3). (BZ#2061801)
Security Fix(es):
- 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918)
- 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)
- 389-ds-base: expired password was still allowed to access the database (CVE-2022-0996)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
| URL | Type | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "389-ds-base"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.3-4.el9_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "389-ds-base-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.3-4.el9_1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "python3-lib389"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.3-4.el9_1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.\n\nThe following packages have been upgraded to a later upstream version: 389-ds-base (2.1.3). (BZ#2061801)\n\nSecurity Fix(es):\n\n* 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918)\n* 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)\n* 389-ds-base: expired password was still allowed to access the database (CVE-2022-0996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2022:8162",
"modified": "2022-11-18T03:52:36Z",
"published": "2022-11-15T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:8162"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-0918"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-0996"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-2850"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2055815"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2064769"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2118691"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2022-8162.html"
}
],
"related": [
"CVE-2022-0918",
"CVE-2022-2850",
"CVE-2022-0996"
],
"summary": "Moderate: 389-ds-base security, bug fix, and enhancement update"
}
BDU:2023-02636
Vulnerability from fstec - Published: 21.03.2022
VLAI
Title
Уязвимость аутентификации сервера службы каталогов 389 Directory Server, связанная с неверным сроком действия сеанса, позволяющая нарушителю получить доступ к конфиденциальным данным
Description
Уязвимость аутентификации сервера службы каталогов 389 Directory Server связана с неверным сроком действия сеанса. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным
Severity
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Fedora Project
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), 389 Directory Server
Software Version
10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.6 «Смоленск» (Astra Linux Common Edition), до 2.0.15 (389 Directory Server), до 2.1.1 (389 Directory Server), до 2.2.0 (389 Directory Server)
Possible Mitigations
Для 389 Directory Server:
использование рекомендаций производителя: https://github.com/389ds/389-ds-base/issues/5221
Для Debian:
использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2022-0996
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17
Для Astra Linux Special Edition 4.7 для архитектуры ARM:
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47
Для ОС Astra Linux:
обновить пакет 389-ds-base до 1.3.10.1-astra8 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=2064769
https://github.com/389ds/389-ds-base/commit/b7fd028e5e67686afea617beb1791e9f3e7a4cb9
https://github.com/389ds/389-ds-base/commit/e6431d959bf3cd07160c5b1822802d5f532d956a
https://github.com/389ds/389-ds-base/issues/5221
https://github.com/ByteHackr/389-ds-base
https://nvd.nist.gov/vuln/detail/CVE-2022-0996
https://security-tracker.debian.org/tracker/CVE-2022-0996
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16
CWE
CWE-613
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fedora Project",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), \u0434\u043e 2.0.15 (389 Directory Server), \u0434\u043e 2.1.1 (389 Directory Server), \u0434\u043e 2.2.0 (389 Directory Server)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f 389 Directory Server:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://github.com/389ds/389-ds-base/issues/5221\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2022-0996\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 389-ds-base \u0434\u043e 1.3.10.1-astra8 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.03.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.05.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-02636",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-0996",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), 389 Directory Server",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441\u043b\u0443\u0436\u0431\u044b \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u043e\u0432 389 Directory Server, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u0441\u0440\u043e\u043a\u043e\u043c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441\u0435\u0430\u043d\u0441\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u044b\u0439 \u0441\u0440\u043e\u043a \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441\u0435\u0430\u043d\u0441\u0430 (CWE-613)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0441\u043b\u0443\u0436\u0431\u044b \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u043e\u0432 389 Directory Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u0441\u0440\u043e\u043a\u043e\u043c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441\u0435\u0430\u043d\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769\nhttps://github.com/389ds/389-ds-base/commit/b7fd028e5e67686afea617beb1791e9f3e7a4cb9\nhttps://github.com/389ds/389-ds-base/commit/e6431d959bf3cd07160c5b1822802d5f532d956a\nhttps://github.com/389ds/389-ds-base/issues/5221\nhttps://github.com/ByteHackr/389-ds-base\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0996\nhttps://security-tracker.debian.org/tracker/CVE-2022-0996\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17\n\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-613",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}
CNVD-2022-36035
Vulnerability from cnvd - Published: 2022-05-10
VLAI
Title
Red Hat 389 Directory Server代码问题漏洞
Description
Red Hat 389 Directory Server(前称Fedora Directory Server)是美国红帽(Red Hat)公司的一款企业级的Linux目录服务器。该服务器完全支持LDAPv3规范,具有可扩展、多主复制等特点。
Red Hat 389 Directory Server存在安全漏洞,该漏洞允许过期密码访问数据库,攻击者可利用漏洞导致身份验证不正确。
Severity
中
Formal description
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法: https://access.redhat.com/security/cve/cve-2022-0996
Reference
https://access.redhat.com/security/cve/cve-2022-0996
Impacted products
| Name | Red Hat 389 Directory Server 1.4.0.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-0996"
}
},
"description": "Red Hat 389 Directory Server\uff08\u524d\u79f0Fedora Directory Server\uff09\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u7684Linux\u76ee\u5f55\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5b8c\u5168\u652f\u6301LDAPv3\u89c4\u8303\uff0c\u5177\u6709\u53ef\u6269\u5c55\u3001\u591a\u4e3b\u590d\u5236\u7b49\u7279\u70b9\u3002\n\nRed Hat 389 Directory Server\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u8fc7\u671f\u5bc6\u7801\u8bbf\u95ee\u6570\u636e\u5e93\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u8eab\u4efd\u9a8c\u8bc1\u4e0d\u6b63\u786e\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://access.redhat.com/security/cve/cve-2022-0996",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-36035",
"openTime": "2022-05-10",
"products": {
"product": "Red Hat 389 Directory Server 1.4.0.0"
},
"referenceLink": "https://access.redhat.com/security/cve/cve-2022-0996",
"serverity": "\u4e2d",
"submitTime": "2022-03-23",
"title": "Red Hat 389 Directory Server\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}
FKIE_CVE-2022-0996
Vulnerability from fkie_nvd - Published: 2022-03-23 20:15 - Updated: 2025-11-03 21:15
Severity
Summary
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2064769 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://github.com/ByteHackr/389-ds-base | Exploit, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html | ||
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/ | ||
| secalert@redhat.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2064769 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ByteHackr/389-ds-base | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | 389_directory_server | 1.4.0.0 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| redhat | enterprise_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:389_directory_server:1.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BE7A73C-5B0C-442D-A542-5FE5F249FB28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en 389 Directory Server que permite que las contrase\u00f1as caducadas accedan a la base de datos para causar una autenticaci\u00f3n inapropiada"
}
],
"id": "CVE-2022-0996",
"lastModified": "2025-11-03T21:15:50.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-23T20:15:10.713",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ByteHackr/389-ds-base"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ByteHackr/389-ds-base"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-W87J-439W-P9F3
Vulnerability from github – Published: 2022-03-24 00:00 – Updated: 2025-11-03 21:30
VLAI
Details
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2022-0996"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-613"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-23T20:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.",
"id": "GHSA-w87j-439w-p9f3",
"modified": "2025-11-03T21:30:38Z",
"published": "2022-03-24T00:00:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0996"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:5239"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:5620"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:5823"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:8162"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2022:8976"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2022-0996"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"
},
{
"type": "WEB",
"url": "https://github.com/ByteHackr/389-ds-base"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2022-0996
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-0996",
"description": "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.",
"id": "GSD-2022-0996",
"references": [
"https://www.suse.com/security/cve/CVE-2022-0996.html",
"https://advisories.mageia.org/CVE-2022-0996.html",
"https://access.redhat.com/errata/RHSA-2022:5239",
"https://access.redhat.com/errata/RHSA-2022:5620",
"https://access.redhat.com/errata/RHSA-2022:5823",
"https://access.redhat.com/errata/RHSA-2022:8162",
"https://access.redhat.com/errata/RHSA-2022:8976"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-0996"
],
"details": "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.",
"id": "GSD-2022-0996",
"modified": "2023-12-13T01:19:11.743020Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Impoper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"
},
{
"name": "https://github.com/ByteHackr/389-ds-base",
"refsource": "MISC",
"url": "https://github.com/ByteHackr/389-ds-base"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:389_directory_server:1.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2022-0996"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ByteHackr/389-ds-base",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ByteHackr/389-ds-base"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/",
"refsource": "MISC",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/"
},
{
"name": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html",
"refsource": "MISC",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-04-24T09:15Z",
"publishedDate": "2022-03-23T20:15Z"
}
}
}
OPENSUSE-SU-2022:1100-1
Vulnerability from csaf_opensuse - Published: 2022-04-04 11:00 - Updated: 2022-04-04 11:00Summary
Security update for 389-ds
Severity
Important
Notes
Title of the patch: Security update for 389-ds
Description of the patch: This update for 389-ds fixes the following issues:
- CVE-2022-0918: Fixed a potential denial of service via crafted packet (bsc#1197275).
- CVE-2022-0996: Fixed a mishandling of password expiry (bsc#1197345).
- Resolved LDAP-Support not working with DHCP by adding required schema (bsc#1194068)
- Resolved multiple index migration bug (bsc#1194084)
Patchnames: openSUSE-SLE-15.3-2022-1100
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.7 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
14 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1194068 | self |
| https://bugzilla.suse.com/1194084 | self |
| https://bugzilla.suse.com/1197275 | self |
| https://bugzilla.suse.com/1197345 | self |
| https://www.suse.com/security/cve/CVE-2022-0918/ | self |
| https://www.suse.com/security/cve/CVE-2022-0996/ | self |
| https://www.suse.com/security/cve/CVE-2022-0918 | external |
| https://bugzilla.suse.com/1197275 | external |
| https://www.suse.com/security/cve/CVE-2022-0996 | external |
| https://bugzilla.suse.com/1197345 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for 389-ds",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for 389-ds fixes the following issues:\n\n- CVE-2022-0918: Fixed a potential denial of service via crafted packet (bsc#1197275).\n- CVE-2022-0996: Fixed a mishandling of password expiry (bsc#1197345).\n- Resolved LDAP-Support not working with DHCP by adding required schema (bsc#1194068)\n- Resolved multiple index migration bug (bsc#1194084)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2022-1100",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_1100-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:1100-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WUT5CGHERM6PDXKCM7Z3IJLGIYJ6V6AO/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:1100-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WUT5CGHERM6PDXKCM7Z3IJLGIYJ6V6AO/"
},
{
"category": "self",
"summary": "SUSE Bug 1194068",
"url": "https://bugzilla.suse.com/1194068"
},
{
"category": "self",
"summary": "SUSE Bug 1194084",
"url": "https://bugzilla.suse.com/1194084"
},
{
"category": "self",
"summary": "SUSE Bug 1197275",
"url": "https://bugzilla.suse.com/1197275"
},
{
"category": "self",
"summary": "SUSE Bug 1197345",
"url": "https://bugzilla.suse.com/1197345"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0918 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0996 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0996/"
}
],
"title": "Security update for 389-ds",
"tracking": {
"current_release_date": "2022-04-04T11:00:19Z",
"generator": {
"date": "2022-04-04T11:00:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:1100-1",
"initial_release_date": "2022-04-04T11:00:19Z",
"revision_history": [
{
"date": "2022-04-04T11:00:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"product": {
"name": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"product_id": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"product": {
"name": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"product_id": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"product": {
"name": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"product_id": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"product": {
"name": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"product_id": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"product": {
"name": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"product_id": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"product": {
"name": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"product_id": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"product": {
"name": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"product_id": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"product": {
"name": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"product_id": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"product": {
"name": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"product_id": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"product": {
"name": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"product_id": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"product": {
"name": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"product_id": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"product": {
"name": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"product_id": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"product": {
"name": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"product_id": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"product": {
"name": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"product_id": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"product": {
"name": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"product_id": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"product": {
"name": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"product_id": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"product": {
"name": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"product_id": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"product": {
"name": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"product_id": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"product": {
"name": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"product_id": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"product": {
"name": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"product_id": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64"
},
"product_reference": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le"
},
"product_reference": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x"
},
"product_reference": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
},
"product_reference": "389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64"
},
"product_reference": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le"
},
"product_reference": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x"
},
"product_reference": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
},
"product_reference": "389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64"
},
"product_reference": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le"
},
"product_reference": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x"
},
"product_reference": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
},
"product_reference": "389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64"
},
"product_reference": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le"
},
"product_reference": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x"
},
"product_reference": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
},
"product_reference": "lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64"
},
"product_reference": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le"
},
"product_reference": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x"
},
"product_reference": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
},
"product_reference": "libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0918"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0918",
"url": "https://www.suse.com/security/cve/CVE-2022-0918"
},
{
"category": "external",
"summary": "SUSE Bug 1197275 for CVE-2022-0918",
"url": "https://bugzilla.suse.com/1197275"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T11:00:19Z",
"details": "important"
}
],
"title": "CVE-2022-0918"
},
{
"cve": "CVE-2022-0996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0996"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0996",
"url": "https://www.suse.com/security/cve/CVE-2022-0996"
},
{
"category": "external",
"summary": "SUSE Bug 1197345 for CVE-2022-0996",
"url": "https://bugzilla.suse.com/1197345"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-04T11:00:19Z",
"details": "moderate"
}
],
"title": "CVE-2022-0996"
}
]
}
OPENSUSE-SU-2024:11952-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
389-ds-2.0.14~git25.e6431d959-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: 389-ds-2.0.14~git25.e6431d959-1.1 on GA media
Description of the patch: These are all security issues fixed in the 389-ds-2.0.14~git25.e6431d959-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11952
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.7 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "389-ds-2.0.14~git25.e6431d959-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the 389-ds-2.0.14~git25.e6431d959-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11952",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11952-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0996 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0996/"
}
],
"title": "389-ds-2.0.14~git25.e6431d959-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11952-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.14~git25.e6431d959-1.1.aarch64",
"product": {
"name": "389-ds-2.0.14~git25.e6431d959-1.1.aarch64",
"product_id": "389-ds-2.0.14~git25.e6431d959-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.14~git25.e6431d959-1.1.aarch64",
"product": {
"name": "389-ds-devel-2.0.14~git25.e6431d959-1.1.aarch64",
"product_id": "389-ds-devel-2.0.14~git25.e6431d959-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.aarch64",
"product": {
"name": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.aarch64",
"product_id": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "lib389-2.0.14~git25.e6431d959-1.1.aarch64",
"product": {
"name": "lib389-2.0.14~git25.e6431d959-1.1.aarch64",
"product_id": "lib389-2.0.14~git25.e6431d959-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.14~git25.e6431d959-1.1.aarch64",
"product": {
"name": "libsvrcore0-2.0.14~git25.e6431d959-1.1.aarch64",
"product_id": "libsvrcore0-2.0.14~git25.e6431d959-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.14~git25.e6431d959-1.1.ppc64le",
"product": {
"name": "389-ds-2.0.14~git25.e6431d959-1.1.ppc64le",
"product_id": "389-ds-2.0.14~git25.e6431d959-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.14~git25.e6431d959-1.1.ppc64le",
"product": {
"name": "389-ds-devel-2.0.14~git25.e6431d959-1.1.ppc64le",
"product_id": "389-ds-devel-2.0.14~git25.e6431d959-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.ppc64le",
"product": {
"name": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.ppc64le",
"product_id": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lib389-2.0.14~git25.e6431d959-1.1.ppc64le",
"product": {
"name": "lib389-2.0.14~git25.e6431d959-1.1.ppc64le",
"product_id": "lib389-2.0.14~git25.e6431d959-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.14~git25.e6431d959-1.1.ppc64le",
"product": {
"name": "libsvrcore0-2.0.14~git25.e6431d959-1.1.ppc64le",
"product_id": "libsvrcore0-2.0.14~git25.e6431d959-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.14~git25.e6431d959-1.1.s390x",
"product": {
"name": "389-ds-2.0.14~git25.e6431d959-1.1.s390x",
"product_id": "389-ds-2.0.14~git25.e6431d959-1.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.14~git25.e6431d959-1.1.s390x",
"product": {
"name": "389-ds-devel-2.0.14~git25.e6431d959-1.1.s390x",
"product_id": "389-ds-devel-2.0.14~git25.e6431d959-1.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.s390x",
"product": {
"name": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.s390x",
"product_id": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.s390x"
}
},
{
"category": "product_version",
"name": "lib389-2.0.14~git25.e6431d959-1.1.s390x",
"product": {
"name": "lib389-2.0.14~git25.e6431d959-1.1.s390x",
"product_id": "lib389-2.0.14~git25.e6431d959-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.14~git25.e6431d959-1.1.s390x",
"product": {
"name": "libsvrcore0-2.0.14~git25.e6431d959-1.1.s390x",
"product_id": "libsvrcore0-2.0.14~git25.e6431d959-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.14~git25.e6431d959-1.1.x86_64",
"product": {
"name": "389-ds-2.0.14~git25.e6431d959-1.1.x86_64",
"product_id": "389-ds-2.0.14~git25.e6431d959-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.14~git25.e6431d959-1.1.x86_64",
"product": {
"name": "389-ds-devel-2.0.14~git25.e6431d959-1.1.x86_64",
"product_id": "389-ds-devel-2.0.14~git25.e6431d959-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.x86_64",
"product": {
"name": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.x86_64",
"product_id": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "lib389-2.0.14~git25.e6431d959-1.1.x86_64",
"product": {
"name": "lib389-2.0.14~git25.e6431d959-1.1.x86_64",
"product_id": "lib389-2.0.14~git25.e6431d959-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.14~git25.e6431d959-1.1.x86_64",
"product": {
"name": "libsvrcore0-2.0.14~git25.e6431d959-1.1.x86_64",
"product_id": "libsvrcore0-2.0.14~git25.e6431d959-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.14~git25.e6431d959-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.aarch64"
},
"product_reference": "389-ds-2.0.14~git25.e6431d959-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.14~git25.e6431d959-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.ppc64le"
},
"product_reference": "389-ds-2.0.14~git25.e6431d959-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.14~git25.e6431d959-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.s390x"
},
"product_reference": "389-ds-2.0.14~git25.e6431d959-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.14~git25.e6431d959-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.x86_64"
},
"product_reference": "389-ds-2.0.14~git25.e6431d959-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.14~git25.e6431d959-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.aarch64"
},
"product_reference": "389-ds-devel-2.0.14~git25.e6431d959-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.14~git25.e6431d959-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.ppc64le"
},
"product_reference": "389-ds-devel-2.0.14~git25.e6431d959-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.14~git25.e6431d959-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.s390x"
},
"product_reference": "389-ds-devel-2.0.14~git25.e6431d959-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.14~git25.e6431d959-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.x86_64"
},
"product_reference": "389-ds-devel-2.0.14~git25.e6431d959-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.aarch64"
},
"product_reference": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.ppc64le"
},
"product_reference": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.s390x"
},
"product_reference": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.x86_64"
},
"product_reference": "389-ds-snmp-2.0.14~git25.e6431d959-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.14~git25.e6431d959-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.aarch64"
},
"product_reference": "lib389-2.0.14~git25.e6431d959-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.14~git25.e6431d959-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.ppc64le"
},
"product_reference": "lib389-2.0.14~git25.e6431d959-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.14~git25.e6431d959-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.s390x"
},
"product_reference": "lib389-2.0.14~git25.e6431d959-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.14~git25.e6431d959-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.x86_64"
},
"product_reference": "lib389-2.0.14~git25.e6431d959-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.14~git25.e6431d959-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.aarch64"
},
"product_reference": "libsvrcore0-2.0.14~git25.e6431d959-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.14~git25.e6431d959-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.ppc64le"
},
"product_reference": "libsvrcore0-2.0.14~git25.e6431d959-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.14~git25.e6431d959-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.s390x"
},
"product_reference": "libsvrcore0-2.0.14~git25.e6431d959-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.14~git25.e6431d959-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.x86_64"
},
"product_reference": "libsvrcore0-2.0.14~git25.e6431d959-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0996"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.x86_64",
"openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.x86_64",
"openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.x86_64",
"openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.x86_64",
"openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0996",
"url": "https://www.suse.com/security/cve/CVE-2022-0996"
},
{
"category": "external",
"summary": "SUSE Bug 1197345 for CVE-2022-0996",
"url": "https://bugzilla.suse.com/1197345"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.x86_64",
"openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.x86_64",
"openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.x86_64",
"openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.x86_64",
"openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:389-ds-2.0.14~git25.e6431d959-1.1.x86_64",
"openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:389-ds-devel-2.0.14~git25.e6431d959-1.1.x86_64",
"openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:389-ds-snmp-2.0.14~git25.e6431d959-1.1.x86_64",
"openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:lib389-2.0.14~git25.e6431d959-1.1.x86_64",
"openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.aarch64",
"openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.ppc64le",
"openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.s390x",
"openSUSE Tumbleweed:libsvrcore0-2.0.14~git25.e6431d959-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0996"
}
]
}
RHBA-2022:7929
Vulnerability from csaf_redhat - Published: 2022-11-14 08:56 - Updated: 2026-04-06 13:23Summary
Red Hat Bug Fix Advisory: redhat-ds:11 bug fix and enhancement update
Severity
Low
Notes
Topic: An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.6 for RHEL 8.
Details: Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.
This release provides a number of bug fixes and enhancements. For detailed
information on changes in this release, see the Red Hat Directory Server 11
Release Notes linked from the References section.
Users of Red Hat Directory Server 11 are advised to upgrade to these
updated packages.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication.
5.7 (Medium)
Affected products
Fixed
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-DirSrv-11.6:389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.src::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.6:389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.6:389-ds-base-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.6:389-ds-base-debugsource-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.6:389-ds-base-devel-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.6:389-ds-base-legacy-tools-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.6:389-ds-base-legacy-tools-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.6:389-ds-base-libs-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.6:389-ds-base-libs-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.6:389-ds-base-snmp-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.6:389-ds-base-snmp-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.6:cockpit-389-ds-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-DirSrv-11.6:python3-lib389-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
14 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHBA-2022:7929 | self |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1877647 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1934715 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1959465 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2062679 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2072061 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2109490 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2117025 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2022-0996 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2064769 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-0996 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-0996 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.6 for RHEL 8.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.\n\nThis release provides a number of bug fixes and enhancements. For detailed\ninformation on changes in this release, see the Red Hat Directory Server 11\nRelease Notes linked from the References section.\n\nUsers of Red Hat Directory Server 11 are advised to upgrade to these\nupdated packages.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2022:7929",
"url": "https://access.redhat.com/errata/RHBA-2022:7929"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/release_notes/index"
},
{
"category": "external",
"summary": "1877647",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877647"
},
{
"category": "external",
"summary": "1934715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934715"
},
{
"category": "external",
"summary": "1959465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959465"
},
{
"category": "external",
"summary": "2062679",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062679"
},
{
"category": "external",
"summary": "2072061",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072061"
},
{
"category": "external",
"summary": "2109490",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2109490"
},
{
"category": "external",
"summary": "2117025",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2117025"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhba-2022_7929.json"
}
],
"title": "Red Hat Bug Fix Advisory: redhat-ds:11 bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-04-06T13:23:30+00:00",
"generator": {
"date": "2026-04-06T13:23:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHBA-2022:7929",
"initial_release_date": "2022-11-14T08:56:39+00:00",
"revision_history": [
{
"date": "2022-11-14T08:56:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-14T08:56:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-06T13:23:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Directory Server 11.6 for RHEL 8",
"product": {
"name": "Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:directory_server:11.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Directory Server"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.src::redhat-ds:11",
"product": {
"name": "389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.src (redhat-ds:11)",
"product_id": "389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.src::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=src\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=x86_64\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debuginfo@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=x86_64\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-debugsource-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-debugsource-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-debugsource-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-debugsource@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=x86_64\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-devel-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-devel-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-devel-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-devel@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=x86_64\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-legacy-tools-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-legacy-tools-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-legacy-tools-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-legacy-tools@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=x86_64\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-legacy-tools-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-legacy-tools-debuginfo@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=x86_64\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-libs-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-libs-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=x86_64\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-libs-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-libs-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-libs-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-libs-debuginfo@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=x86_64\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-snmp-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-snmp-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=x86_64\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
},
{
"category": "product_version",
"name": "389-ds-base-snmp-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product": {
"name": "389-ds-base-snmp-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11)",
"product_id": "389-ds-base-snmp-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/389-ds-base-snmp-debuginfo@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=x86_64\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cockpit-389-ds-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11",
"product": {
"name": "cockpit-389-ds-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch (redhat-ds:11)",
"product_id": "cockpit-389-ds-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cockpit-389-ds@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=noarch\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
},
{
"category": "product_version",
"name": "python3-lib389-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11",
"product": {
"name": "python3-lib389-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch (redhat-ds:11)",
"product_id": "python3-lib389-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-lib389@1.4.3.31-6.module%2Bel8dsrv%2B16980%2Bc4b9cd33?arch=noarch\u0026rpmmod=redhat-ds:11:8070020221019193157:95958119"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.src (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.src::redhat-ds:11"
},
"product_reference": "389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.src::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:389-ds-base-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-debugsource-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:389-ds-base-debugsource-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-debugsource-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-devel-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:389-ds-base-devel-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-devel-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-legacy-tools-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:389-ds-base-legacy-tools-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-legacy-tools-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-legacy-tools-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:389-ds-base-legacy-tools-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-legacy-tools-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:389-ds-base-libs-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-libs-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-libs-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:389-ds-base-libs-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-libs-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:389-ds-base-snmp-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-snmp-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-base-snmp-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:389-ds-base-snmp-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11"
},
"product_reference": "389-ds-base-snmp-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cockpit-389-ds-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:cockpit-389-ds-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11"
},
"product_reference": "cockpit-389-ds-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-lib389-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch (redhat-ds:11) as a component of Red Hat Directory Server 11.6 for RHEL 8",
"product_id": "8Base-DirSrv-11.6:python3-lib389-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11"
},
"product_reference": "python3-lib389-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11",
"relates_to_product_reference": "8Base-DirSrv-11.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0996",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2022-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2064769"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "389-ds-base: expired password was still allowed to access the database",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-DirSrv-11.6:389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.src::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-debugsource-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-devel-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-legacy-tools-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-legacy-tools-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-libs-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-libs-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-snmp-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-snmp-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:cockpit-389-ds-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11",
"8Base-DirSrv-11.6:python3-lib389-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0996"
},
{
"category": "external",
"summary": "RHBZ#2064769",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0996"
}
],
"release_date": "2022-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-14T08:56:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-DirSrv-11.6:389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.src::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-debugsource-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-devel-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-legacy-tools-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-legacy-tools-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-libs-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-libs-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-snmp-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-snmp-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:cockpit-389-ds-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11",
"8Base-DirSrv-11.6:python3-lib389-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:7929"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-DirSrv-11.6:389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.src::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-debugsource-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-devel-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-legacy-tools-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-legacy-tools-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-libs-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-libs-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-snmp-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:389-ds-base-snmp-debuginfo-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64::redhat-ds:11",
"8Base-DirSrv-11.6:cockpit-389-ds-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11",
"8Base-DirSrv-11.6:python3-lib389-0:1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch::redhat-ds:11"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "389-ds-base: expired password was still allowed to access the database"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…