571 matches found
CVE-2020-26214
In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for...
CVE-2020-26288
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. It is an npm package "parse-server". In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping...
Security Bulletin: IBM Engineering Lifecycle Optimization - Apache Derby: LDAP Injection Vulnerability In Authenticator
Summary A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware...
Xerox Printers Multiple Vulnerabilities (XRX25-003)
Multiple Xerox printers are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
CVE-2024-12510 LDAP Authentication Sever Pass-back attack
If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup...
JetBrains YouTrack 2024.3.55417 Multiple Vulnerabilities
The version of JetBrains YouTrack installed on the remote host is prior to 2024.3.55417. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024355417 advisory. - In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping...
CVE-2025-24456
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping...
CVE-2025-24456
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping...
CVE-2025-24456
In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping...
CVE-2025-24456
CVE-2025-24456 affects JetBrains Hub; multiple sources confirm a privilege escalation via LDAP authentication mapping in Hub before version 2024.3.55417. Affected product/version: JetBrains Hub prior to 2024.3.55417. Root cause: privilege escalation through LDAP authentication mapping. Impact: el...
Race Condition
pgAdmin is vulnerable to Race Condition. The vulnerability is due to improper session handling in server mode with LDAP authentication, where simultaneous login attempts can result in users being attached to another user's session...
Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password
Pandora FMS is a monitoring solution that provides full observability for your organization's technology. This module exploits an command injection vulnerability in the LDAP authentication mechanism of Pandora FMS. You need have admin access at the Pandora FMS Web application in order to execute...
GHSA-7W6R-748W-MH52 pgAdmin has Incorrect Default Permissions
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...
pgAdmin has Incorrect Default Permissions
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...
CVE-2023-1907
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...
CVE-2023-1907
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...
CVE-2023-1907
Summary: CVE-2023-1907 affects pgAdmin4. When logging in to pgAdmin in server mode with LDAP authentication, multiple simultaneous connection attempts may cause a user to be attached to another user’s session. The related open-source/OSV entries indicate a fix for this issue in pgAdmin4 (e.g., OS...
CVE-2023-1907 Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...
CVE-2023-1907 Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...
CVE-2024-12111
CVE-2024-12111 describes an LDAP injection vulnerability in OpenText Privileged Access Manager that can lead to authentication bypass. Affected products: OpenText Privileged Access Manager; affected versions: 23.3(4.4) and 24.3(4.5). Root cause: LDAP authentication path injection; impact: authent...