Description
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.
Remediation
References
https://github.com/neo4j/neo4j/issues/12047
Related Vulnerabilities
CVE-2020-15096 Vulnerability in npm package electron
CVE-2022-4742 Vulnerability in npm package json-pointer
CVE-2020-8137 Vulnerability in npm package uppy
CVE-2022-36092 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2020-7603 Vulnerability in npm package closure-compiler-stream