CVE-2019-14902 MEDIUM

CVE-2019-14902

Vendor [Unknown]
Product samba
Weakness CWE-284
Published January 21, 2020
Last update August 5, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

Key dates

02Disclosure timeline

January 21, 2020 CVE published
August 5, 2024 Record updated