Vulnerabilities > Lemonldap NG > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-27 | CVE-2020-36658 | Improper Certificate Validation vulnerability in multiple products In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 8.1 |
| 2023-01-27 | CVE-2020-36659 | Improper Certificate Validation vulnerability in multiple products In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 8.1 |
| 2022-07-18 | CVE-2020-16093 | Improper Certificate Validation vulnerability in multiple products In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 7.5 |
| 2020-09-14 | CVE-2020-24660 | Forced Browsing vulnerability in multiple products An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. | 7.5 |
| 2019-09-25 | CVE-2019-15941 | Incorrect Authorization vulnerability in multiple products OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access control rules via a crafted OpenID Connect authorization request. | 7.5 |
| 2019-05-22 | CVE-2019-12046 | Insufficiently Protected Credentials vulnerability in multiple products LemonLDAP::NG -2.0.3 has Incorrect Access Control. | 7.5 |
| 2013-01-01 | CVE-2012-6426 | Permissions, Privileges, and Access Controls vulnerability in Lemonldap-Ng Lemonldap:: LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data. | 7.5 |