Access Restriction Bypass Affecting openldap package, versions [0,]


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.14% (36th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CONAN-OPENLDAP-10077981
  • published8 May 2025
  • disclosed1 Apr 2015
  • creditUnknown

Introduced: 1 Apr 2015

CVE-2014-9713  (opens in a new tab)
CWE-264  (opens in a new tab)

How to fix?

There is no fixed version for openldap.

Overview

Affected versions of this package are vulnerable to Access Restriction Bypass. The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

References

CVSS Base Scores

version 3.1