Description

Versions 2.1.15 and below of the Lider module in the LiderAhenk software leak their configuration via an unsecured API. An attacker with access to the configuration API could obtain valid LDAP credentials.

State: PUBLISHED | Reserved 2021-09-22 | Published 2021-10-01 | Updated 2026-05-18 | Assigner TR-CERT

CRITICAL: 9.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status: unaffected

Any version before 2.1.16: affected

Credits

Mehmet INCE from PRODAFT (finder)

References

www.usom.gov.tr/bildirim/tr-21-0795 (government resource; link reported broken)

pentest.blog/...-0day-all-your-pardus-clients-belongs-to-me/

siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-21-0795 (government resource)

cve.org (CVE-2021-3825)

nvd.nist.gov (CVE-2021-3825)
