CVE-2018-1000134
unknown
CVSS v3
—
VIR risk
—
Description
Weak Password Requirements in UnboundID LDAP SDK
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | com.unboundid:unboundid-ldapsdk | >=1.1.0,<4.0.5 | 4.0.5 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000134
- https://github.com/pingidentity/ldapsdk/issues/40
- https://github.com/pingidentity/ldapsdk/commit/801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb
- https://github.com/pingidentity/ldapsdk/commit/8471904a02438c03965d21367890276bc25fa5a6#diff-f6cb23b459be1ec17df1da33760087fd
- https://access.redhat.com/errata/RHSA-2018:1713
- https://github.com/pingidentity/ldapsdk
- http://www.securityfocus.com/bid/103458
💬 Discuss CVE-2018-1000134 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.