CVE-2021-34802

A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
neo4jgraph_databse
4.2
neo4jgraph_databse
4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://neo4j.com
https://neo4j.com/developer/kb/neo4j-4-2-x-sec-vuln-fix/
https://neo4j.com
https://neo4j.com/developer/kb/neo4j-4-2-x-sec-vuln-fix/