CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-35472

An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.2%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.0

References

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags
https://www.debian.org/security/2021/dsa-4943
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8d3b763b6af2b8a9c4ad2765fbfabffec8a73af5
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/tags
https://www.debian.org/security/2021/dsa-4943

Products affected by CVE-2021-35472

Lemonldap-Ng » Lemonldap: » Version: Any

cpe:2.3:a:lemonldap-ng:lemonldap:
Debian » Debian Linux » Version: 10.0

cpe:2.3:o:debian:debian_linux:10.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-35472

Products

Pricing

Contact Us