CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 1CVE-2019-12046
https://notcve.org/view.php?id=CVE-2019-12046
LemonLDAP::NG -2.0.3 has Incorrect Access Control. LemonLDAP::NG - versión 2.0.3 tiene Control de Acceso Incorrecto. • https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/commits/master https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742 https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1743 https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1744 https://lemonldap-ng.org/download https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-1-9-19-is-out https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-0-4-is-out https://seclists.org/bugtraq/2019/May/38 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2012-6426
https://notcve.org/view.php?id=CVE-2012-6426
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data. LemonLDAP::NG antes de v1.2.3 no utiliza la capacidad de verificación de firma de la biblioteca Lasso, lo que permite a atacantes remotos evitar restricciones de control de acceso a través de los datos SAML elaborados. • http://jira.ow2.org/browse/LEMONLDAP-570 http://openwall.com/lists/oss-security/2012/12/19/6 http://openwall.com/lists/oss-security/2012/12/20/6 • CWE-264: Permissions, Privileges, and Access Controls •