CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Univention: >> Ucs@school Security Vulnerabilities

CVE-2020-17477

Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash.

CVSS Score

6.5

EPSS Score

0.001

Published

2023-10-26

Page 1

Vulnerabilities

Vulnerable Software

Univention: >> Ucs@school Security Vulnerabilities

Products

Pricing

Contact Us