ByteOS Network

NVD Vulnerability Details :

CVE-2022-31085

Analyzed

Source-security-advisories@github.com

Published At-27 Jun, 2022 | 21:15

Updated At-29 Jun, 2023 | 14:24

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

ldap-account-manager>>ldap_account_manager>>Versions before 8.0(exclusive)

cpe:2.3:a:ldap-account-manager:ldap_account_manager:*:*:*:*:*:internet_explorer:*:*

Debian GNU/Linux

>>debian_linux>>11.0

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-522	Primary	nvd@nist.gov
CWE-311	Secondary	security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4	security-advisories@github.com	Patch Third Party Advisory
https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j	security-advisories@github.com	Third Party Advisory
https://www.debian.org/security/2022/dsa-5177	security-advisories@github.com	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History