CVE-2021-35472

High

An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a…

mitre·CWE-307·Published 2021-07-27

CVSS

8.8

EPSS

0.02

KEV

Exploits

cve.orgen

263 chars

An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.

NVDen

263 chars

NVDes

348 chars

Se ha detectado un problema en LemonLDAP::NG versiones anteriores a 2.0.12. La corrupción de la caché de la sesión puede conllevar a una omisión de la autorización o una suplantación de identidad. Al ejecutar un bucle que hace muchos intentos de autenticación, un atacante podría ser autenticado alternativamente como uno de dos usuarios diferentes

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.0	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H