Terminalfour up to 8.3.15 LDAP improper authentication

Summaryinfo

A vulnerability was found in Terminalfour up to 8.3.15. It has been classified as critical. This impacts an unknown function of the component LDAP Handler. This manipulation causes improper authentication. This vulnerability is tracked as CVE-2023-29484. No exploit exists. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability classified as critical was found in Terminalfour up to 8.3.15. Affected by this vulnerability is an unknown code block of the component LDAP Handler. The manipulation with an unknown input leads to a improper authentication vulnerability. The CWE definition for the vulnerability is CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was disclosed 10/16/2023. The advisory is shared at docs.terminalfour.com. This vulnerability is known as CVE-2023-29484 since 04/07/2023. Neither technical details nor an exploit are publicly available.

Upgrading to version 8.3.16 eliminates this vulnerability. The upgrade is hosted for download at docs.terminalfour.com.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-33051). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Name

• Terminalfour

Version

• 8.3.0
• 8.3.1
• 8.3.2
• 8.3.3
• 8.3.4
• 8.3.5
• 8.3.6
• 8.3.7
• 8.3.8
• 8.3.9
• 8.3.10
• 8.3.11
• 8.3.12
• 8.3.13
• 8.3.14
• 8.3.15

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion