Vulnerabilities > Lemonldap NG > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-29 | CVE-2019-19791 | Unspecified vulnerability in Lemonldap-Ng Lemonldap::Ng In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). | 9.8 |
| 2023-03-31 | CVE-2023-28862 | Improper Authentication vulnerability in Lemonldap-Ng Lemonldap::Ng An issue was discovered in LemonLDAP::NG before 2.16.1. | 9.8 |
| 2022-07-18 | CVE-2021-40874 | Improper Authentication vulnerability in multiple products An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. | 9.8 |
| 2020-09-14 | CVE-2020-24660 | Forced Browsing vulnerability in multiple products An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. | 9.8 |
| 2019-09-25 | CVE-2019-15941 | Incorrect Authorization vulnerability in multiple products OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. | 9.8 |
| 2019-05-22 | CVE-2019-12046 | Insufficiently Protected Credentials vulnerability in multiple products LemonLDAP::NG -2.0.3 has Incorrect Access Control. | 9.8 |