Authentication Bypass

Affecting org.neo4j:neo4j-security-enterprise artifact, versions [,3.4.9)

medium severity

Overview

org.neo4j:neo4j-security-enterprise is a Graph Database.

Affected versions of this package are vulnerable to Authentication Bypass. An attacker could log into the server by sending any valid username with an arbitrary password.

Remediation

Upgrade org.neo4j:neo4j-security-enterprise to version 3.4.9 or higher.
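One way to check a build against the affected range above, as an added example that is not part of the advisory or of Neo4j's code: it reads lines in the layout printed by `mvn dependency:list` and classifies each resolved version of the artifact against `[,3.4.9)`. The function names, the sample lines (constructed) and the handling of pre-release qualifiers are assumptions of this example.

```python
import re

# Coordinates and first fixed version, both taken from the advisory above.
ARTIFACT = "org.neo4j:neo4j-security-enterprise"
FIXED = (3, 4, 9)

def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(.*)", version)
    if not m:
        return "unknown"  # not numeric, needs a manual look
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (len(FIXED) - len(nums))  # '3.4' compares as 3.4.0
    qualifier = m.group(2)
    if nums < FIXED:
        return "affected"
    if nums == FIXED and qualifier:
        # Maven orders 3.4.9-SNAPSHOT / -alpha / -beta / -rc before 3.4.9,
        # so those still fall inside [,3.4.9).
        if re.search(r"snapshot|alpha|beta|rc", qualifier, re.I):
            return "affected"
        return "unknown"
    return "fixed"

def scan(lines):
    """Return [(version, status)] for every line that names the artifact."""
    findings = []
    for line in lines:
        for token in line.split():
            parts = token.split(":")
            # Layout: groupId:artifactId:type[:classifier]:version:scope
            if token.startswith(ARTIFACT + ":") and len(parts) >= 5:
                findings.append((parts[-2], classify(parts[-2])))
    return findings

# Constructed sample in the layout printed by `mvn dependency:list`.
SAMPLE = """\
[INFO] --- module-a ---
[INFO]    org.neo4j:neo4j-security-enterprise:jar:3.4.7:compile
[INFO]    org.neo4j:neo4j-kernel:jar:3.4.7:compile
[INFO] --- module-b ---
[INFO]    org.neo4j:neo4j-security-enterprise:jar:3.4.10:compile -- module x
[INFO] --- module-c ---
[INFO]    org.neo4j:neo4j-security-enterprise:jar:3.4.9-SNAPSHOT:test
""".splitlines()

if __name__ == "__main__":
    for version, status in scan(SAMPLE):
        print(f"{ARTIFACT} {version}: {status}")
```

Versions are compared numerically, so `3.4.10` is correctly treated as newer than `3.4.9`, which a plain string comparison would get wrong.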

Credit: oschlueter
CVE: CVE-2018-18389
CWE: CWE-592
Snyk ID: SNYK-JAVA-ORGNEO4J-72466
Disclosed: 08 Oct, 2018
Published: 21 Oct, 2018