{"containers": {"cna": {"affected": [{"product": "389-ds-base", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.4"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication."}], "problemTypes": [{"descriptions": [{"description": "Impoper Authentication", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2023-04-24T08:06:14.526Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ByteHackr/389-ds-base"}, {"name": "FEDORA-2022-40544b5314", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"}, {"name": "FEDORA-2022-2558f14c58", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"}]}, "adp": [{"title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ByteHackr/389-ds-base"}, {"name": "FEDORA-2022-40544b5314", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"}, {"name": "FEDORA-2022-2558f14c58", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:34:34.393Z"}}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-0996", "datePublished": "2022-03-23T19:46:16.000Z", "dateReserved": "2022-03-16T00:00:00.000Z", "dateUpdated": "2025-11-03T20:34:34.393Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{}

{"affected": [{"affectedData": [{"product": "389-ds-base", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.4"}]}], "source": "secalert@redhat.com"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:389_directory_server:1.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BE7A73C-5B0C-442D-A542-5FE5F249FB28", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en 389 Directory Server que permite que las contrase\u00f1as caducadas accedan a la base de datos para causar una autenticaci\u00f3n inapropiada"}], "id": "CVE-2022-0996", "lastModified": "2026-06-17T04:21:36.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-23T20:15:10.713", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ByteHackr/389-ds-base"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ByteHackr/389-ds-base"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QFD7CBBX3IZOSHEWL2EYKRLOEQSXCZ6/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5239", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "389-ds-base-0:1.3.10.2-16.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-06-28T00:00:00Z"}, {"advisory": "RHSA-2022:5823", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "389-ds:1.4-8060020220519123000.824efc52", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-08-02T00:00:00Z"}, {"advisory": "RHSA-2022:5620", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "389-ds:1.4-8040020220615161601.96015a92", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-07-19T00:00:00Z"}, {"advisory": "RHSA-2022:8162", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "389-ds-base-0:2.1.3-4.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-15T00:00:00Z"}, {"advisory": "RHSA-2022:8976", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "389-ds-base-0:2.0.14-3.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2022-12-13T00:00:00Z"}], "bugzilla": {"description": "389-ds-base: expired password was still allowed to access the database", "id": "2064769", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064769"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-287", "details": ["A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.", "A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication."], "name": "CVE-2022-0996", "package_state": [{"cpe": "cpe:/a:redhat:directory_server:11", "fix_state": "Affected", "package_name": "redhat-ds:11/389-ds-base", "product_name": "Red Hat Directory Server 11"}, {"cpe": "cpe:/a:redhat:directory_server:12", "fix_state": "Not affected", "package_name": "redhat-ds:12/389-ds-base", "product_name": "Red Hat Directory Server 12"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "389-ds-base", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-03-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-0996\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0996"], "threat_severity": "Low"}

{}