CVE-2014-9217

Name: CVE-2014-9217
Creator: NVD / NIST
Published: 2014-12-08T11:59:10.36+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.30%

Last modified Jun 17, 2026

CVE-2014-9217 is a vulnerability of currently unknown severity. Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards.. EPSS estimates a 2.30% chance of exploitation in the next 30 days.

Description

Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards.

Metrics

EPSS Probability

2.30%

81.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions
Torch Gmbh	Graylog2	<= 0.91.3

References

http://seclists.org/oss-sec/2014/q4/1130
http://www.graylog2.org/news/post/0010-graylog2-v0-92Exploit, Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99571
http://seclists.org/oss-sec/2014/q4/1130
http://www.graylog2.org/news/post/0010-graylog2-v0-92Exploit, Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99571

Timeline

Published: Dec 8, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-9217?

Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards.

How severe is CVE-2014-9217?

Severity scoring for CVE-2014-9217 is pending analysis. The EPSS model estimates a 2.30% probability of exploitation in the next 30 days.

How do I fix CVE-2014-9217?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-9217?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST