Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-11-27	CVE-2017-8028	Improper Authentication vulnerability in multiple products In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. network high complexity pivotal-software debian CWE-287	5.1