PT-2021-22011 · Lider+1
Mehmet Ince · Published 2021-10-01 · Updated 2026-05-18
CVE-2021-3825
CVSS v3.1: 9.6 (Critical)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
LiderAhenk software Lider module versions 2.1.15 and below
Description:
The Lider module in LiderAhenk software leaks configurations via an unsecured API. An attacker with access to the configurations API could obtain valid LDAP credentials.
Recommendations:
For versions 2.1.15 and below, consider disabling access to the configurations API as a temporary workaround until a patch is available. Restrict access to the API to minimize the risk of exploitation. Avoid using the API until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Lider
Liderahenk