Описание
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials.
Ссылки
- ExploitThird Party Advisory
- ProductVendor Advisory
- ExploitThird Party Advisory
- ProductVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:igel:universal_management_suite:6.07.100:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00166
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-319
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials.
EPSS
Процентиль: 38%
0.00166
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-319