Traffic Control Security Vulnerabilities - CVSS Score 9 - 10

CVE-2019-12405

Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct pa...

9.8 CVSS

9.3 AI Score

0.004 EPSS

2019-09-09 05:15 PM
34

CVE-2021-43350

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.

9.8 CVSS

9.3 AI Score

0.007 EPSS

2021-11-11 01:15 PM
38