Privilege Escalation Vulnerability in Novell eDirectory
CVE-2016-9167

7.5HIGH

Key Information:

Vendor: Novell
Status: Novell Edirectory
Vendor: CVE Published:; 23 March 2017

What is CVE-2016-9167?

In Novell eDirectory versions prior to 9.0.2, the NDSD component did not properly calculate Access Control Lists (ACLs) on LDAP objects that cross partition boundaries. This flaw allows an attacker to potentially escalate privileges by modifying user attributes that should be restricted based on ACL filtering. Proper management of ACLs is crucial to secure users' data and maintain the integrity of access across the eDirectory environment.

Affected Version(s)

Novell eDirectory Novell eDirectory

References

https://www.novell.com/support/kb/doc.php?id=7016794

x_refsource_CONFIRM

http://www.securityfocus.com/bid/97315

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2017
Vulnerability Reserved
Nov 3, 2016