Vulnerabilities > CVE-2022-31088

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ldap-account-manager

debian

NVD

Published: 2022-06-27

Updated: 2024-11-21

Summary

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0.

Vulnerable Configurations

Part	Description	Count
Application	Ldap-Account-Manager Ldap Account Manager Ldap Account Manager - Ldap Account Manager Ldap Account Manager 3.6 Ldap Account Manager Ldap Account Manager 4.2.1 Ldap Account Manager Ldap Account Manager 4.3 Ldap Account Manager Ldap Account Manager 6.3 Ldap Account Manager Ldap Account Manager 7.9.1	6
OS	Debian Debian Debian Linux 11.0	1

Vulnerabilities > CVE-2022-31088 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2022-31088"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2022-31088