CVE-2019-16180

2019-09-0921:15:11

Google

osv.dev

7.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.0%

JSON

Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used.

CPENameOperatorVersion
limesurveyeq1.71_plus_2008-07-15
limesurveyeq2.00_plus_121231
limesurveyeq3.14.10+180924
limesurveyeq3.15.0+181008
limesurveyeq2.06_plus_150831
limesurveyeq1.92_plus_120608
limesurveyeq2.06_plus_150723
limesurveyeq2.70.0+170921
limesurveyeq2.05_beta_2
limesurveyeq2.50_plus_160613

Name	Operator	Version
limesurvey	eq	1.71_plus_2008-07-15
limesurvey	eq	2.00_plus_121231
limesurvey	eq	3.14.10+180924
limesurvey	eq	3.15.0+181008
limesurvey	eq	2.06_plus_150831
limesurvey	eq	1.92_plus_120608
limesurvey	eq	2.06_plus_150723
limesurvey	eq	2.70.0+170921
limesurvey	eq	2.05_beta_2
limesurvey	eq	2.50_plus_160613