CVE-2022-37186 - Insufficient Session Expiration vulnerability in Lemonldap-Ng Lemonldap::Ng

047910
CVSS 5.9 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
network
high complexity
lemonldap-ng
CWE-613

Summary

In LemonLDAP::NG before 2.0.15, some sessions are not deleted when they are supposed to be deleted according to the timeoutActivity setting. This can occur when there are at least two servers, and a session is manually removed before the time at which it would have been removed automatically.

Vulnerable Configurations

Part          Description    Count
Application   Lemonldap-Ng   81

Common Weakness Enumeration (CWE)