
Cloud Vulnerability DB
A community-led vulnerabilities database
A denial of service vulnerability (CVE-2024-2199) was discovered in the 389-ds-base LDAP server. The vulnerability was reported on May 28, 2024, and affects the server's password modification functionality. This security issue specifically impacts authenticated users attempting to modify the userPassword
attribute (NVD).
The vulnerability occurs in the password modification process within the slapd/modify.c component of the 389-ds-base LDAP server. When an authenticated user attempts to modify the userPassword
attribute using malformed input, it can trigger a server crash. The vulnerability has been assigned a CVSS v3.1 base score of 5.7 (Medium) with the vector string CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating adjacent network access, low attack complexity, and high availability impact (Red Hat Security).
The primary impact of this vulnerability is a denial of service condition. When successfully exploited, it can cause the LDAP server to crash, disrupting service availability for all users. The vulnerability requires authentication to exploit, which somewhat limits its potential impact (Red Hat Bugzilla).
Red Hat has released security updates to address this vulnerability across multiple product versions. Updates are available through various security advisories including RHSA-2024:3591, RHSA-2024:3837, RHSA-2024:4092, RHSA-2024:4209, RHSA-2024:4210, and RHSA-2024:4235. Users are advised to apply these updates to mitigate the vulnerability (Red Hat Security).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."