CVE-2021-33900

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue affects Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
apacheCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
apachedirectory_studio
𝑥
≤ 1.5.3
apachedirectory_studio
2.0.0:milestone1
apachedirectory_studio
2.0.0:milestone10
apachedirectory_studio
2.0.0:milestone11
apachedirectory_studio
2.0.0:milestone12
apachedirectory_studio
2.0.0:milestone13
apachedirectory_studio
2.0.0:milestone14
apachedirectory_studio
2.0.0:milestone15
apachedirectory_studio
2.0.0:milestone16
apachedirectory_studio
2.0.0:milestone2
apachedirectory_studio
2.0.0:milestone3
apachedirectory_studio
2.0.0:milestone4
apachedirectory_studio
2.0.0:milestone5
apachedirectory_studio
2.0.0:milestone6
apachedirectory_studio
2.0.0:milestone7
apachedirectory_studio
2.0.0:milestone8
apachedirectory_studio
2.0.0:milestone9
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apache-directory-server
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
hirsute
ignored
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
dne
Common Weakness Enumeration
References
https://lists.apache.org/thread.html/rb1dbcc43a5b406e45d335343a1704f4233de613140a01929d102fdc9%40%3Cusers.directory.apache.org%3E
https://lists.apache.org/thread.html/rb1dbcc43a5b406e45d335343a1704f4233de613140a01929d102fdc9%40%3Cusers.directory.apache.org%3E