vulnerability
Red Hat: CVE-2019-13057: openldap: Information disclosure issue in slapd component
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:P/I:N/A:N) | Jul 26, 2019 | Jul 9, 2025 | Jul 9, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published
Jul 26, 2019
Added
Jul 9, 2025
Modified
Jul 9, 2025
Description
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
Solution
no-fix-redhat-rpm-package
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.