CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.6%

CVSS Severity

CVSS v2 Score 7.5

References

http://jira.ow2.org/browse/LEMONLDAP-570
http://openwall.com/lists/oss-security/2012/12/19/6
http://openwall.com/lists/oss-security/2012/12/20/6
http://jira.ow2.org/browse/LEMONLDAP-570
http://openwall.com/lists/oss-security/2012/12/19/6
http://openwall.com/lists/oss-security/2012/12/20/6

Products affected by CVE-2012-6426

Lemonldap-Ng » Lemonldap: » Version: Any

cpe:2.3:a:lemonldap-ng:lemonldap:

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-6426

Products

Pricing

Contact Us