Critical Vulnerability Advisory Report
| Field | Value |
|---|---|
| Summary | Denial of Service due to application crash |
| Release Date | 21st December 2022 |
| Product | M-Vault |
| Version(s) | 16.0v0 to 17.0v23 |
| CVE ID | CVE-2022-47581 |
Summary of vulnerability
This advisory discloses a critical vulnerability introduced in version R16.0v0 of M-Vault. The following versions are affected by this vulnerability:
- M-Vault R16.0v0 to R17.0v23.
The bug is that an LDAPv1 bind request crashes the server, resulting in a denial of service.
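As an added example (not Isode's code or part of the advisory), the following Python decoder reads the protocol version out of a raw LDAP BindRequest PDU so that a capture or proxy check can flag version-1 binds reaching a not-yet-upgraded server; the sample PDUs are constructed for illustration.

```python
# Added example, not from the advisory or from Isode. Decodes the version field
# of an LDAP BindRequest from a raw BER-encoded LDAPMessage (RFC 4511):
#   LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }
#   BindRequest ::= [APPLICATION 0] SEQUENCE { version INTEGER (1..127), ... }
# Useful for spotting LDAPv1 bind attempts in captured traffic or at a proxy.

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value_bytes, next_pos) for the BER TLV at buf[pos].

    Handles short-form and definite long-form lengths (up to 4 length octets),
    which is all an LDAP PDU uses; anything else is rejected.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:end], end

def bind_request_version(pdu: bytes):
    """Return the LDAP version of a BindRequest PDU, or None for any other operation."""
    tag, body, _ = _read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    tag, _msg_id, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x60:  # [APPLICATION 0], constructed: BindRequest
        return None
    tag, version, _ = _read_tlv(op, 0)
    if tag != 0x02:
        raise ValueError("BindRequest version must be an INTEGER")
    return int.from_bytes(version, "big", signed=True)

def is_legacy_bind(pdu: bytes) -> bool:
    """True when the PDU is a BindRequest with a pre-LDAPv3 version (1 or 2)."""
    version = bind_request_version(pdu)
    return version is not None and version < 3

# Constructed sample PDUs (messageID 1, anonymous simple bind; not real traffic).
LDAPV3_ANON_BIND = bytes.fromhex("300c020101600702010304008000")
LDAPV1_ANON_BIND = bytes.fromhex("300c020101600702010104008000")
UNBIND_REQUEST = bytes.fromhex("30050201024200")  # [APPLICATION 2] NULL
```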
Severity
Isode rates the severity level of this vulnerability as high, according to the CVSS system (details can be found at www.first.org).
Mitigation
This vulnerability has been fixed in M-Vault R17.0v24, and operators of affected services are advised to upgrade to this version immediately. Later versions (such as the subsequent major release R18.0) are not affected by this vulnerability.
Acknowledgements
This vulnerability was discovered, with thanks from Isode, by Jerome Nokin of the NATO Cyber Security Centre (NCSC).