Description


On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials.

Related CPE's


Weaknesses



CWE-306


CWE-306

CVSS impact metrics


CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.6 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-01T15:15:07.883

3 years ago

Last modified

2024-09-16T20:15:40.320

9 months ago