VDB
CVE-2021-35472
CVE-2021-35472
PUBLISHED
An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authorization bypass or spoofing. By running a loop that makes many authentication attempts, an attacker might alternately be authenticated as one of two different users.
EPSS 0.37% · 58.9th percentile
Risk Scores
EPSS Score
0.37%
58.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | lemonldap-ng | 0, 1.9.14-1, 1.9.15-1 |
| Ubuntu:16.04:LTS | lemonldap-ng | 1.3.3-1, 0, 1.4.6-1 |
| Ubuntu:20.04:LTS | lemonldap-ng | 2.0.7+ds-2, *, * |
Exploit Intelligence
Timeline
- Jul 27, 2021 EPSS Score
- Jul 27, 2021 CVE Published
- Sep 24, 2021 EPSS Score
- Nov 22, 2021 EPSS Score
- Jan 21, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 21, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 19, 2022 EPSS Score
- Sep 15, 2022 EPSS Score
- Nov 14, 2022 EPSS Score
- Jan 12, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-35472 third-party-advisory
- https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-35472 third-party-advisory