Vulnerability Description
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Couchbase | Couchbase Server | >= 6.5.0, <= 6.5.2 |
Related Weaknesses (CWE)
References
- https://docs.couchbase.com/server/current/release-notes/relnotes.htmlRelease NotesVendor Advisory
- https://www.couchbase.com/alertsVendor Advisory
- https://docs.couchbase.com/server/current/release-notes/relnotes.htmlRelease NotesVendor Advisory
- https://www.couchbase.com/alertsVendor Advisory
FAQ
What is CVE-2021-35943?
CVE-2021-35943 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.
How severe is CVE-2021-35943?
CVE-2021-35943 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-35943?
Check the references section above for vendor advisories and patch information. Affected products include: Couchbase Couchbase Server.