{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T17:41:06.138","vulnerabilities":[{"cve":{"id":"CVE-2017-15135","sourceIdentifier":"secalert@redhat.com","published":"2018-01-24T15:29:01.167","lastModified":"2024-11-21T03:14:08.477","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances."},{"lang":"es","value":"Se ha descubierto que 389-ds-base, desde la versión 1.3.6.1 y hasta e incluyendo la versión 1.4.0.3, no manipulaba siempre las operaciones de comparación de hash internas de manera correcta durante el proceso de autenticación. Un atacante remoto no autenticado podría emplear este error para omitir el proceso de autenticación bajo circunstancias muy excepcionales."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*","versionStartIncluding":"1.3.6.1","versionEndIncluding":"1.4.0.3","matchCriteriaId":"9917C1A6-93B5-415D-B8F2-0131B9345A09"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/102811","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0414","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2018:0515","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1525628","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/102811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0414","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2018:0515","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1525628","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}}]}