CVE-2014-0097

high

VMware

CVSS v3 Base Score

7.3

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

0.2%

Exploitation probability in 30 days

Top 54% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

Low

Integrity

Low

Availability

Low

Published: May 25, 2017 (3276 days ago)

Last Modified: May 13, 2026

Vendor: VMware

Source: NVD

Description

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.

CWE

CWE-287

Affected Products

vmware spring security

References

🔗 pivotal.io 🔗 www.oracle.com 🔗 pivotal.io 🔗 www.oracle.com

CVE-2014-0097

Vulnerability Report

Description

CWE

Affected Products

References