PT-2019-13089 · Lemonldap · Lemonldap::Ng

Clément Oudot

Publicado

2019-06-28

Atualizado

2019-08-26

CVE-2019-13031

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LemonLDAP::NG versions prior to 1.9.20

Description The issue is related to an XML External Entity (XXE) problem that occurs when submitting a notification to the notification server. It's worth noting that the notification server is not enabled by default and has a "deny all" rule, which may limit the exposure to this issue.

Recommendations For versions prior to 1.9.20, update to version 1.9.20 or later to resolve the issue.

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2019-13031

DLA-1844-1

Produtos afetados

Lemonldap::Ng

PT-2019-13089 · Lemonldap · Lemonldap::Ng

CVE-2019-13031

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15