Theforeman: >> Foreman >> 1.7.0 Security Vulnerabilities
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.
CVSS Score
4.0
EPSS Score
0.004
Published
2015-08-14
Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.
CVSS Score
5.0
EPSS Score
0.002
Published
2015-08-14
Page 4