CVE-2021-34802
HIGH
Neo4j Graph Database 4.2.0-4.2.7 - Authenticated Privilege Escalation via Transaction Security Context
Title source: llm
Description
A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges.
References (2)
Core References
Product x_refsource_misc
https://neo4j.com
Vendor Advisory x_refsource_misc
https://neo4j.com/developer/kb/neo4j-4-2-x-sec-vuln-fix/
Scores
CVSS v3
8.8
EPSS
0.0104
EPSS Percentile
59.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (3)
neo4j/graph_databse
4.2
neo4j/graph_databse
4.3
org.neo4j/neo4j-kernel
4.2.0 - 4.2.8 (Maven)
Published
Jul 30, 2021
Tracked Since
Feb 18, 2026