CVE-2021-3825

Опубликовано: 01 окт. 2021

Источник: nvd

CVSS3: 9.6

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it's configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials.

Ссылки

https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/
Exploit
Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-21-0795
Third Party Advisory
https://pentest.blog/liderahenk-0day-all-your-pardus-clients-belongs-to-me/
Exploit
Third Party Advisory
https://www.usom.gov.tr/bildirim/tr-21-0795
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pardus:liderahenk:*:*:*:*:*:*:*:*

Версия до 2.1.15 (включая)

EPSS

Процентиль: 60%

0.00405

Низкий

9.6 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306

Связанные уязвимости

GHSA-5g5h-vp5m-chrx

CVSS3: 9.6

github

больше 3 лет назад

EPSS

Процентиль: 60%

0.00405

Низкий

9.6 Critical

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-306