CVE-2019-13057

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

  • Published: Jul 26, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-13057
  • Severity: Low

CVSS v3:

  • Severity: Low
  • Score: 4.9
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:P/I:N/A:N

No CWE or OWASP classifications available.

Software                            From                              Fixed in
openldap / openldap                 -                                 2.4.48
canonical / ubuntu_linux            16.04                             16.04.x
canonical / ubuntu_linux            18.04                             18.04.x
canonical / ubuntu_linux            19.04                             19.04.x
canonical / ubuntu_linux            14.04                             14.04.x
canonical / ubuntu_linux            12.04                             12.04.x
debian / debian_linux               8.0                               8.0.x
opensuse / leap                     15.0                              15.0.x
opensuse / leap                     15.1                              15.1.x
apple / mac_os_x                    10.14                             10.14.6
apple / mac_os_x                    10.14.6                           10.14.6.x
apple / mac_os_x                    10.13.6-security_update_2018-003  10.13.6-security_update_2018-003.x
apple / mac_os_x                    10.13.6-security_update_2018-002  10.13.6-security_update_2018-002.x
apple / mac_os_x                    10.13.6-security_update_2019-003  10.13.6-security_update_2019-003.x
apple / mac_os_x                    10.13.6-security_update_2019-002  10.13.6-security_update_2019-002.x
apple / mac_os_x                    10.13.6-security_update_2019-001  10.13.6-security_update_2019-001.x
apple / mac_os_x                    10.13.6-security_update_2019-006  10.13.6-security_update_2019-006.x
apple / mac_os_x                    10.13.6-security_update_2019-005  10.13.6-security_update_2019-005.x
apple / mac_os_x                    10.13.6-security_update_2019-004  10.13.6-security_update_2019-004.x
apple / mac_os_x                    10.13.6                           10.13.6.x
apple / mac_os_x                    10.14.6-security_update_2019-001  10.14.6-security_update_2019-001.x
apple / mac_os_x                    10.13                             10.13.6
apple / mac_os_x                    10.15                             10.15.2
mcafee / policy_auditor             -                                 6.5.1
mcafee / policy_auditor             6.5.1                             6.5.1.x
oracle / solaris                    11                                11.x
oracle / zfs_storage_appliance_kit  8.8                               8.8.x
oracle / blockchain_platform        -                                 21.1.2