Description
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, a configuration that uses LDAP with STARTTLS for authentication and a System Account for authorization allows an attacker to log into the server by sending any valid username with an arbitrary password.
Remediation
References
https://github.com/neo4j/neo4j/issues/12047