Description
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, a configuration that uses LDAP with STARTTLS for authentication and a System Account for authorization allows an attacker to log in to the server by sending any valid username with an arbitrary password.
Remediation
References
https://github.com/neo4j/neo4j/issues/12047