A flaw was found in OpenLDAP before version 2.4.48. An improper authorization issue in cyrus-sasl based SASL mechanisms may lead to ACL bypass. References: https://bugzilla.redhat.com/show_bug.cgi?id=1728902
This vulnerability is out of security support scope for the following products:
* Red Hat Enterprise Application Platform 5
* Red Hat JBoss Web Server 2
* Red Hat JBoss Core Services
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
External References:
* http://www.openldap.org/lists/openldap-announce/201907/msg00001.html
* https://openldap.org/its/?findid=9052
Created openldap tracking bugs for this issue: Affects: fedora-all [bug 1738898]
Patch: https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0fa0f8ff078a3a49a19574eecaea797b7a55a665
Statement: This issue did not affect the versions of openldap as shipped with Red Hat Enterprise Linux 8, as it only affects the openldap-servers package, which is not shipped.