Lucene search
+L

46 matches found

osv
osv
added 2024/06/21 3:52 p.m.4 views

GHSA-C25H-C27Q-5QPV Keycloak leaks configured LDAP bind credentials through the Keycloak admin console

Impact The LDAP testing endpoint allows to change the Connection URL independently of and without having to re-enter the currently configured LDAP bind credentials. An attacker with admin access permission manage-realm can change the LDAP host URL "Connection URL" to a machine they control. The...

2.7CVSS5.9AI score0.00649EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2024/04/23 12:0 a.m.11 views

PT-2024-7256 · 1с · Bitrix24 +1

Name of the Vulnerable Software and Affected Versions: 1C-Bitrix Bitrix24 version 23.300.100 Description: The issue is related to insufficiently protected credentials in AD/LDAP server settings, allowing remote administrators to send AD/LDAP administrators' account passwords to an arbitrary serve...

6.8CVSS7.7AI score0.00339EPSS
Exploits0References8
cnnvd
cnnvd
added 2023/08/03 12:0 a.m.6 views

GatesAIr Flexiva FM Transmitter Security Vulnerability

GatesAIr Flexiva FM Transmitter is an FM platform from GatesAIr, Inc. A security vulnerability exists in the GatesAIR Flexiva FM Transmitter/Exciter Fax 150W that could allow a remote attacker to gain privileges via LDAP and SMTP credentials...

9.8CVSS7.3AI score0.00774EPSS
Exploits1References4
bdu_fstec
bdu_fstec
added 2023/04/12 12:0 a.m.5 views

The vulnerability of the samba-tool utility in the Samba networking communication software package allows a hacker to gain unauthorized access to the device.

The vulnerability of the samba-tool tool in the Samba networking software package is related to the transmission of credentials in an unencrypted form when working with an LDAP server. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to the device...

6.1CVSS6.7AI score0.00484EPSS
Exploits0References11Affected Software4
bdu_fstec
bdu_fstec
added 2023/02/15 12:0 a.m.8 views

The vulnerability of Fortinet FortiOS operating systems arises from the incorrect assignment of permissions to critical resources, allowing attackers to obtain login credentials for accessing the LDAP server.

The vulnerability of Fortinet FortiOS operating systems is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain login credentials for accessing the LDAP server through a specially crafted...

4.3CVSS7.9AI score0.38088EPSS
Exploits3References5Affected Software2
osv
osv
added 2022/11/15 2:15 a.m.5 views

CVE-2022-42132

The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, whic...

5.9CVSS6.2AI score0.00466EPSS
Exploits0References3
cnnvd
cnnvd
added 2022/06/09 12:0 a.m.8 views

IGEL Universal Management Suite 安全漏洞

The IGEL Universal Management Suite IGEL UMS is a single management solution from IGEL Germany. It can be used for up to tens of thousands of endpoints running IGEL OS. A security vulnerability exists in IGEL Universal Management Suite UMS version 6.07.100, which originates from the transmission ...

6.5CVSS6.5AI score0.00555EPSS
Exploits1References3
attackerkb
attackerkb
added 2021/11/02 6:15 p.m.4 views

CVE-2021-41019

An improper validation of certificate with host mismatch CWE-297 vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials...

6.5CVSS6.6AI score0.00551EPSS
Exploits0References2
osv
osv
added 2021/10/01 3:15 p.m.5 views

CVE-2021-3825

On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials...

9.6CVSS5.8AI score0.01569EPSS
Exploits1References2
cnnvd
cnnvd
added 2021/10/01 12:0 a.m.5 views

Tubitak Ulakbim LiderAhenk Software 访问控制错误漏洞

Tubitak Ulakbim LiderAhenk Software is an open source software system from the Turkish National Center for Academic Networks and Knowledge Tubitak Ulakbim company. It is used for centralized management, monitoring and control of systems and users on corporate networks. A security vulnerability...

9.6CVSS8.3AI score0.01569EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2021/10/01 12:0 a.m.18 views

PT-2021-22011

Name of the Vulnerable Software and Affected Versions: LiderAhenk software Lider module versions 2.1.15 and below Description: The issue is related to the Lider module in LiderAhenk software, where configurations are leaked via an unsecured API. An attacker with access to the configurations API...

9.6CVSS7.3AI score0.01569EPSS
Exploits1References9
osv
osv
added 2021/06/08 6:15 p.m.4 views

CVE-2021-21558

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the...

4.4CVSS5.8AI score0.0025EPSS
Exploits0References1
ics
ics
added 2020/10/24 12:0 p.m.61 views

Continued Threat Actor Exploitation Post Pulse Secure VPN Patching

Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT&CK® framework. See the ATT &CK for Enterprise framework for all referenced threat actor techniques and mitigations. This Alert provides an update to Cybersecurity and Infrastructure Security...

10CVSS9.7AI score0.99999EPSS
Exploits22References53
cnvd
cnvd
added 2020/08/18 12:0 a.m.5 views

Unspecified Vulnerability in McAfee Data Loss Prevention

McAfee Data Loss Prevention DLP is a data loss prevention suite from McAfee, Inc. that includes components such as McAfee DLP Monitor, McAfee DLP Endpoint, and other features such as event management and reporting, and synchronization of local and cloud DLP policies. A security vulnerability exis...

5.2CVSS6.8AI score0.00248EPSS
Exploits0References1
osv
osv
added 2020/08/06 7:15 p.m.5 views

CVE-2020-13793

Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key...

9.8CVSS7.3AI score0.01687EPSS
Exploits0References2
cnvd
cnvd
added 2020/04/28 12:0 a.m.5 views

Sonatype Nexus Repository Manager Information Disclosure Vulnerability (CNVD-2020-33469)

Sonatype Nexus Repository Manager NXRM is a repository manager from Sonatype, Inc. that is used to manage, store, and distribute software, among other things. A security vulnerability exists in Sonatype NXRM version 2.x prior to 2.14.17 and version 3.x prior to 3.22.1. An attacker can exploit the...

4.9CVSS6.8AI score0.00648EPSS
Exploits0References1
thn
thn
added 2020/04/17 11:20 a.m.9 views

CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers

The United States Cybersecurity and Infrastructure Security Agency CISA yesterday issued a fresh advisory alerting organizations to change all their Active Directory credentials as a defense against cyberattacks trying to leverage a known remote code execution RCE vulnerability in Pulse Secure VP...

10CVSS8.2AI score0.99999EPSS
Exploits22
threatpost
threatpost
added 2020/04/14 5:55 p.m.44 views

TA505 Crime Gang Deploys SDBbot for Corporate Network Takeover

The TA505 cybercrime group has ramped up its attacks lately, with a set of campaigns bent on spreading the persistent SDBbot remote-access trojan RAT laterally throughout an entire corporate environment, researchers said. SDBbot RAT is a custom job that has been observed in TA505 attacks since at...

0.1AI score
Exploits0References12
osv
osv
added 2019/08/29 3:15 p.m.4 views

CVE-2019-3394

There was a local file disclosure vulnerability in Confluence Server and Confluence Data Center via page exporting. An attacker with permission to editing a page is able to exploit this issue to read arbitrary file on the server under /confluence/WEB-INF directory, which may contain configuration...

8.8CVSS7.4AI score0.11406EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2019/05/14 12:0 a.m.4 views

PT-2019-12182 · Tibco · Tibco Spotfire Statistics Services

Name of the Vulnerable Software and Affected Versions: TIBCO Spotfire Statistics Services versions up to and including 7.11.1 TIBCO Spotfire Statistics Services version 10.0.0 Description: The web interface component of TIBCO Spotfire Statistics Services contains an issue that could allow an...

9.9CVSS9AI score0.01524EPSS
Exploits0References4
Rows per page
Query Builder