← Back

CVE-2021-33900

nvd nist
Published: Jul 26, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.

Affected (17)

Apache
1 product
Directory Studio
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Directory Studio
Up to 1.5.3
Directory Studio
Version 2.0.0 milestone10
Directory Studio
Version 2.0.0 milestone11
Directory Studio
Version 2.0.0 milestone12
Directory Studio
Version 2.0.0 milestone13
Directory Studio
Version 2.0.0 milestone14
Directory Studio
Version 2.0.0 milestone15
Directory Studio
Version 2.0.0 milestone16
Directory Studio
Version 2.0.0 milestone1
Directory Studio
Version 2.0.0 milestone2
Directory Studio
Version 2.0.0 milestone3
Directory Studio
Version 2.0.0 milestone4
Directory Studio
Version 2.0.0 milestone5
Directory Studio
Version 2.0.0 milestone6
Directory Studio
Version 2.0.0 milestone7
Directory Studio
Version 2.0.0 milestone8
Directory Studio
Version 2.0.0 milestone9

Related CWEs

CWE-311
Missing Encryption of Sensitive Data
The product does not encrypt sensitive or critical information before storage or transmission.
CWE-319
Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (2)

Source: security@apache.org
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory

Timeline

No history available yet.