Lemonldap:: Security Vulnerabilities

CVE-2012-6426

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

AI Score: 6.9

EPSS: 0.005

2022-10-03 04:15 PM
23

CVE-2019-12046

LemonLDAP::NG -2.0.3 has Incorrect Access Control.

CVSS: 9.8

AI Score: 9.3

EPSS: 0.025

2019-05-22 04:29 PM
49

CVE-2019-13031

LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule.

CVSS: 8.1

AI Score: 7.9

EPSS: 0.003

2019-06-28 11:15 PM
45

CVE-2019-15941

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. To be vulnerable, there must exist an OIDC Relying Party within the LemonLDAP configuration with weaker access control rules than the ta...

CVSS: 9.8

AI Score: 9

EPSS: 0.005

2019-09-25 08:15 PM
35