15 matches found
CVE-2019-1010283
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function dataonconnection in src/callback.c. The attack vector is: network connectivity. The fixed...
The vulnerability of the check_univention_joinstatus component in the Univention Corporate Server operating system allows a hacker to increase their privileges.
The vulnerability of the checkuniventionjoinstatus component in the Univention Corporate Server operating system is related to the disclosure of information in the error-prone data area. Exploiting this vulnerability can allow attackers to increase their privileges...
CVE-2023-38994
The 'checkuniventionjoinstatus' prometheus monitoring script and other scripts in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuratio...
CVE-2023-38994
CVE-2023-38994 affects Univention Corporate Server (UCS) 5.0-5. The issue stems from the check_univention_joinstatus Prometheus script (and similar scripts), which exposes the LDAP password of the machine account in the process list. This enables attackers with local SSH access to elevate privile...
PT-2023-7018 · Univention · Univention Corporate Server
Name of the Vulnerable Software and Affected Versions: Univention Corporate Server UCS versions 5.0-5 Description: The issue is related to the check univention joinstatus prometheus monitoring script, which reveals the LDAP plaintext password of the machine account in the process list. This allow...
Samba AD DC did not correctly sandbox
Description: Samba as an Active Directory Domain Controller is able to support an RODC, which is meant to have minimal privileges in a domain. However, in accepting a ticket from a Samba or Windows RODC, Samba was not confirming that the RODC is authorized to print such a ticket, via the...
CVE-2019-1010283
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function dataonconnection in src/callback.c. The attack vector is: network connectivity. The fixed...
CVE-2019-1010283
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function dataonconnection in src/callback.c. The attack vector is: network connectivity. The fixed...
Design/Logic Flaw
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function dataonconnection in src/callback.c. The attack vector is: network connectivity. The fixed...
CVE-2019-1010283
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function dataonconnection in src/callback.c. The attack vector is: network connectivity. The fixed...
CVE-2019-1010283
Univention Corporate Server, specifically the component Univention Directory Notifier (univention-directory-notifier) with versions up to 12.0.1-3, is affected by CWE-213 (Intentional Information Exposure) leading to loss of confidentiality. The vulnerability affects the function data_on_connecti...
PT-2019-11541 · Univention · Univention Corporate Server
Name of the Vulnerable Software and Affected Versions: Univention Corporate Server univention-directory-notifier versions 12.0.1-3 and earlier Description: The issue affects the function data on connection in src/callback.c, allowing intentional information exposure through network connectivity,...
Univention Corporate Server 4.0 erratum 137
The remote host is missing an update for gnupg erratum 137. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Univention Corporate Server 4.0 erratum 142
The remote host is missing an update for openssl erratum 142. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Univention Corporate Server (UCS) and Management Console Detection
This script attempts to determine if the target is a Univention Corporate Server (UCS). It also tries to detect the Univention Management Console. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective rig...