While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Apache
  • Directory Studio

Configuration 1 [-]

OR cpe:2.3:a:apache:directory_studio:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone10:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone11:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone12:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone13:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone14:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone15:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone16:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone6:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone7:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone8:*:*:*:*:*:*
cpe:2.3:a:apache:directory_studio:2.0.0:milestone9:*:*:*:*:*:*
References
Link Resource
https://lists.apache.org/thread.html/rb1dbcc43a5b406e45d335343a1704f4233de613140a01929d102fdc9%40%3Cusers.directory.apache.org%3E Mailing List Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2021-07-26T07:05:10

Updated: 2021-07-26T07:05:10

Reserved: 2021-06-07T00:00:00

Link: CVE-2021-33900

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-07-26T07:15:07.183

Modified: 2022-10-27T12:28:40.833

Link: CVE-2021-33900

JSON object: View

cve-icon Redhat Information

No data.

CWE