Terminalfour
CVE-2023-29484
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password.
AnalysisAI
In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.
Technical ContextAI
This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password. Affected products include: Terminalfour. Version information: before 8.3.16.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.
More in Terminalfour
View allTerminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2
In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper serv
A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use speci
An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL
The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from appl
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today