Vulnerabilities > Ledgersmb > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-14 | CVE-2021-3882 | Missing Encryption of Sensitive Data vulnerability in Ledgersmb LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. | 6.8 |
| 2021-08-23 | CVE-2021-3731 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. | 4.7 |