CVE-2021-3825 Vulnerability Details

  /     /     /  

CVE-2021-3825 Metadata Quick Info

CVE Published: 01/10/2021 | CVE Updated: 16/09/2024 | CVE Year: 2021
Source: TR-CERT | Vendor: TUBITAK | Product: Lider
Status : PUBLISHED

---

CVE-2021-3825 Description

On 2.1.15 version and below of Lider module in LiderAhenk software is leaking it\'s configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP credentials.

Metrics

CVSS Version: 3.1 | Base Score: 9.6 CRITICAL
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* ADJACENT_NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-306
CWE Name: CWE-306 Missing Authentication for Critical Function
Source: TUBITAK

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-136
CAPEC Description: CAPEC-136 LDAP Injection


Source: NVD (National Vulnerability Database).