CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0574 – Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2023-0574
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0 • https://www.yugabyte.com • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-37397 – The software is vulnerable when using LDAP-based authentication in YCQL with Microsoft’s Active Directory
https://notcve.org/view.php?id=CVE-2022-37397
An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password. Se ha detectado un problema en YugabyteDB versión 2.6.1, cuando es usada la autenticación basada en LDAP en YCQL con el Directorio Activo de Microsoft. Cuando es habilitada la vinculación anónima o no autenticada de LDAP, permite omitir la autenticación con una contraseña vacía. • https://www.yugabyte.com • CWE-16: Configuration CWE-287: Improper Authentication •