Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/100914?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "type": "deb", "namespace": "debian", "name": "ldap-account-manager", "version": "9.5.1-1", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75208?format=api", "vulnerability_id": "VCID-2hwc-vhkt-8ufy", "summary": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. 
There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.80274", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.803", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.80303", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.80299", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.80292", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01329", "scoring_system": "epss", "scoring_elements": "0.80314", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31087", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31088" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5177", "reference_id": "dsa-5177", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:51Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5177" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4", "reference_id": "f1d5d04952f39a1b4ea203d3964fa88e1429dfd4", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:51Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q9pc-x84w-982x", "reference_id": "GHSA-q9pc-x84w-982x", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:51Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q9pc-x84w-982x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100921?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-31086" ], 
"risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hwc-vhkt-8ufy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75206?format=api", "vulnerability_id": "VCID-3m8d-9vmh-sycf", "summary": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31084", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01567", "scoring_system": "epss", "scoring_elements": "0.81852", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01567", "scoring_system": "epss", "scoring_elements": "0.81886", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01567", "scoring_system": "epss", "scoring_elements": "0.81885", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01567", "scoring_system": "epss", "scoring_elements": "0.81887", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01567", "scoring_system": "epss", "scoring_elements": "0.8188", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01567", "scoring_system": "epss", "scoring_elements": "0.81896", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31084", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31088" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5177", "reference_id": "dsa-5177", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:08Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5177" }, { "reference_url": "https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/", "reference_id": "exploiting-arbitrary-object-instantiations", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:08Z/" } ], "url": "https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/" }, { "reference_url": 
"https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4", "reference_id": "f1d5d04952f39a1b4ea203d3964fa88e1429dfd4", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:08Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-r387-grjx-qgvw", "reference_id": "GHSA-r387-grjx-qgvw", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:08Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-r387-grjx-qgvw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100921?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", 
"purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-31084" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3m8d-9vmh-sycf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75209?format=api", "vulnerability_id": "VCID-4eag-jvyy-u7c4", "summary": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attacker capable of writing files under www-data privileges can write a web-shell into this directory, and gain a Code Execution on the host. This issue has been fixed in version 8.0. 
Users unable to upgrade should disallow executing PHP scripts in (/var/lib/ldap-account-manager/)tmp directory.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31087", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40773", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40849", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40854", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40824", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40793", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40805", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31087", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31088" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5177", "reference_id": "dsa-5177", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:54Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5177" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4", "reference_id": "f1d5d04952f39a1b4ea203d3964fa88e1429dfd4", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:54Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q8g5-45m4-q95p", "reference_id": "GHSA-q8g5-45m4-q95p", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:54Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q8g5-45m4-q95p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": 
"pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100921?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-31087" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4eag-jvyy-u7c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75201?format=api", "vulnerability_id": "VCID-5ywq-zhuj-wbhd", "summary": "A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75067", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75096", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.751", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75092", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75078", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75105", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1115" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661904", "reference_id": "661904", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661904" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662050", "reference_id": "662050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662050" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100917?format=api", "purl": "pkg:deb/debian/ldap-account-manager@3.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@3.6-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-1115" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ywq-zhuj-wbhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75203?format=api", "vulnerability_id": "VCID-8h1w-jn4e-hucx", "summary": "Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has XSS via the dn parameter to the templates/3rdParty/pla/htdocs/cmd.php URI or the template parameter to the templates/3rdParty/pla/htdocs/cmd.php?cmd=rename_form URI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8763", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63844", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63887", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63894", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63885", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63873", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8763" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8763", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8763" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100919?format=api", "purl": "pkg:deb/debian/ldap-account-manager@6.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@6.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": 
"pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-8763" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8h1w-jn4e-hucx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75210?format=api", "vulnerability_id": "VCID-egfg-8v6z-5fep", "summary": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68396", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68438", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68446", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68439", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68423", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00552", "scoring_system": "epss", "scoring_elements": "0.68442", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31088" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24851", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31088" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5177", "reference_id": "dsa-5177", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:57Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5177" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4", "reference_id": "f1d5d04952f39a1b4ea203d3964fa88e1429dfd4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:57Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4", "reference_id": "GHSA-wxf8-9x99-6gp4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:53:57Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100921?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-31088" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-egfg-8v6z-5fep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75200?format=api", "vulnerability_id": "VCID-esgk-7sdb-vuay", "summary": "A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. 
It also exists in the filteruid parameter to list.php.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1114", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75067", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75096", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.751", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75092", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75078", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0084", "scoring_system": "epss", "scoring_elements": "0.75105", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1114" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1114" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661904", "reference_id": "661904", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661904" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662050", "reference_id": "662050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=662050" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100917?format=api", "purl": "pkg:deb/debian/ldap-account-manager@3.6-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@3.6-2%3Fdistro=trixie" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-1114" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esgk-7sdb-vuay" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/75202?format=api", "vulnerability_id": "VCID-fdc1-nn49-3uf4", "summary": "Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4453", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65195", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65238", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65248", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65237", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65225", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00475", "scoring_system": "epss", "scoring_elements": "0.65244", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4453" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4453" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726976", "reference_id": "726976", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726976" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100918?format=api", "purl": "pkg:deb/debian/ldap-account-manager@4.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@4.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4453" ], "risk_score": null, "exploitability": "0.5", 
"weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdc1-nn49-3uf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75212?format=api", "vulnerability_id": "VCID-hsbu-m1n7-gud2", "summary": "LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via `mainmanage.php` and `confmain.php`. This allows setting arbitrary config values and thus effectively bypassing `mitigation` of CVE-2024-23333/GHSA-fm9w-7m7v-wxqv. Configuration values for the main config or server profiles are set via `mainmanage.php` and `confmain.php`. The values are written to `config.cfg` or `serverprofile.conf` in the format of `settingsName: settingsValue` line-by-line. An attacker can smuggle arbitrary config values in a config file, by inserting a newline into certain config fields, followed by the value. This vulnerability has been addressed in version 9.0. All users are advised to upgrade. 
There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23261", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.2321", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23206", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23321", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23306", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-52792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52792" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090934", "reference_id": "1090934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090934" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/releases/tag/9.0", "reference_id": "9.0", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-18T15:36:07Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/releases/tag/9.0" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6cp9-j5r7-xhcc", "reference_id": "GHSA-6cp9-j5r7-xhcc", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-18T15:36:07Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6cp9-j5r7-xhcc" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "reference_id": "GHSA-fm9w-7m7v-wxqv", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-18T15:36:07Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/blob/fd665fef3b222bf8205154b14f676815d2d6ae20/lam/templates/config/mainmanage.php#L263", "reference_id": "mainmanage.php#L263", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-18T15:36:07Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/blob/fd665fef3b222bf8205154b14f676815d2d6ae20/lam/templates/config/mainmanage.php#L263" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": 
"pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-52792" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hsbu-m1n7-gud2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75214?format=api", "vulnerability_id": "VCID-kecc-f7ue-8yg2", "summary": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with GHSA-88hf-2cjm-m9g8 this allows to execute arbitrary code. Users need to login to LAM to exploit this vulnerability. Version 9.5 fixes the issue. 
Although upgrading is recommended, a workaround would be to make /var/lib/ldap-account-manager/config read-only for the web-server user and delete the PDF profile files (making PDF exports impossible).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25075", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24961", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24953", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.2501", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.25064", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27894" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27894", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27894" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131370", "reference_id": "1131370", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131370" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/releases/tag/9.5", "reference_id": "9.5", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-18T19:54:01Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/releases/tag/9.5" }, { "reference_url": 
"https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8", "reference_id": "GHSA-88hf-2cjm-m9g8", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-18T19:54:01Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf", "reference_id": "GHSA-w7xq-vjr3-p9cf", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-18T19:54:01Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-27894" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kecc-f7ue-8yg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75199?format=api", "vulnerability_id": "VCID-m6j5-tc6j-w7cw", "summary": "lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).", "references": [ { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2007-1840", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00631", "scoring_system": "epss", "scoring_elements": "0.70691", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00631", "scoring_system": "epss", "scoring_elements": "0.70733", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00631", "scoring_system": "epss", "scoring_elements": "0.7074", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00631", "scoring_system": "epss", "scoring_elements": "0.70723", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00631", "scoring_system": "epss", "scoring_elements": "0.70711", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00631", "scoring_system": "epss", "scoring_elements": "0.70734", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1840" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1840", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1840" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415379", "reference_id": "415379", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415379" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100916?format=api", "purl": "pkg:deb/debian/ldap-account-manager@1.1.1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@1.1.1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": 
"VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-1840" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m6j5-tc6j-w7cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75215?format=api", "vulnerability_id": "VCID-nnye-aspj-duh1", "summary": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. 
Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type (including .php files) can be uploaded. With GHSA-w7xq-vjr3-p9cf, an attacker can achieve remote code execution as the web server user. Version 9.5 fixes the issue. Although upgrading is recommended, a workaround would be to make /var/lib/ldap-account-manager/config read-only for the web-server user.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27812", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.2768", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27673", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27722", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.2776", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27895" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131370", "reference_id": "1131370", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131370" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/releases/tag/9.5", "reference_id": "9.5", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T19:55:04Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/releases/tag/9.5" }, { "reference_url": 
"https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8", "reference_id": "GHSA-88hf-2cjm-m9g8", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T19:55:04Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-88hf-2cjm-m9g8" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf", "reference_id": "GHSA-w7xq-vjr3-p9cf", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T19:55:04Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-w7xq-vjr3-p9cf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100923?format=api", "purl": "pkg:deb/debian/ldap-account-manager@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": 
"pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-27895" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnye-aspj-duh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75204?format=api", "vulnerability_id": "VCID-rcaz-pmcu-4fcy", "summary": "Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8764", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.5812", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.58171", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.58179", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.58167", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": 
"0.58151", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.58169", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8764" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8764", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8764" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100919?format=api", "purl": "pkg:deb/debian/ldap-account-manager@6.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@6.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-8764" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rcaz-pmcu-4fcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75198?format=api", "vulnerability_id": "VCID-temd-mue4-6yfj", "summary": "Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.2037", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20444", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20432", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20393", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20326", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20334", "published_at": 
"2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7191" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7191" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100912?format=api", "purl": "pkg:deb/debian/ldap-account-manager@1.0.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@1.0.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": 
"VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-7191" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-temd-mue4-6yfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75207?format=api", "vulnerability_id": "VCID-x5f9-eemd-nyes", "summary": "LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. 
Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31085", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26084", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26188", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.2618", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26135", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26079", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26085", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31086" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31087", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31088" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5177", "reference_id": "dsa-5177", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:27Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5177" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4", "reference_id": "f1d5d04952f39a1b4ea203d3964fa88e1429dfd4", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:27Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j", "reference_id": "GHSA-6m3q-5c84-6h6j", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:04:27Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100921?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-31085" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x5f9-eemd-nyes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75205?format=api", "vulnerability_id": "VCID-yemz-2ts1-cugv", "summary": "LDAP Account Manager (LAM) is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which get triggered when any other user tries to access the edit profile page. The pdf editor tool has an edit pdf profile functionality; the logoFile parameter in it is not properly sanitized, and a user can enter relative paths like ../../../../../../../../../../../../../usr/share/icons/hicolor/48x48/apps/gvim.png via tools like burpsuite. Later, when a pdf is exported using the edited profile, the pdf icon has the image on that path (if the image is present). Both issues require an attacker to be able to log in to the LAM admin interface. 
The issue is fixed in version 7.9.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24851", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00776", "scoring_system": "epss", "scoring_elements": "0.73988", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00776", "scoring_system": "epss", "scoring_elements": "0.7402", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00776", "scoring_system": "epss", "scoring_elements": "0.74025", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00776", "scoring_system": "epss", "scoring_elements": "0.74011", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00776", "scoring_system": "epss", "scoring_elements": "0.73994", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00776", "scoring_system": "epss", "scoring_elements": "0.74021", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31084", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31084" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31085" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31087", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31087" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31088" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/issues/170", "reference_id": "170", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:39Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/issues/170" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/commit/3c6f09a3579e048e224eb5a4c4e3eefaa8bccd49", "reference_id": "3c6f09a3579e048e224eb5a4c4e3eefaa8bccd49", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:39Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/commit/3c6f09a3579e048e224eb5a4c4e3eefaa8bccd49" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5177", "reference_id": "dsa-5177", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:39Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5177" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v", "reference_id": "GHSA-f2fr-cccr-583v", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-22T15:43:39Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100920?format=api", "purl": "pkg:deb/debian/ldap-account-manager@7.9.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@7.9.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100913?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.0.1-0%2Bdeb11u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.0.1-0%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100911?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbu-m1n7-gud2" }, { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-z63r-68da-k7hf" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-24851" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yemz-2ts1-cugv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75211?format=api", "vulnerability_id": "VCID-z63r-68da-k7hf", "summary": "LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows arbitrary paths to be specified for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and causing LAM to log some PHP code to this file. When the file is then accessed via web, the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. 
As a workaround, limit access to LAM configuration pages to authorized users.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05756", "scoring_system": "epss", "scoring_elements": "0.90646", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.05756", "scoring_system": "epss", "scoring_elements": "0.90633", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05756", "scoring_system": "epss", "scoring_elements": "0.90631", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.05756", "scoring_system": "epss", "scoring_elements": "0.9063", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23333" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067179", "reference_id": "1067179", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067179" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7", "reference_id": "8.7", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:04:47Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/releases/tag/8.7" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv", "reference_id": "GHSA-fm9w-7m7v-wxqv", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H" }, { "value": "Track", "scoring_system": 
"ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-21T15:04:47Z/" } ], "url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100922?format=api", "purl": "pkg:deb/debian/ldap-account-manager@8.7-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@8.7-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100915?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.0-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-kecc-f7ue-8yg2" }, { "vulnerability": "VCID-nnye-aspj-duh1" }, { "vulnerability": "VCID-zdcq-njxh-sugv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-23333" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z63r-68da-k7hf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75213?format=api", "vulnerability_id": "VCID-zdcq-njxh-sugv", "summary": "LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM before 9.3 allows stored cross-site scripting in the Profile section via the profile name field, which renders untrusted input as HTML and executes a supplied script (for example a script element). 
An authenticated user with permission to create or edit a profile can insert a script payload into the profile name and have it executed when the profile data is viewed in a browser. This issue is fixed in version 9.3. No known workarounds are mentioned.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11101", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.10985", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11109", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11066", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58174" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115656", "reference_id": "1115656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1115656" }, { "reference_url": "https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6gqg-wm9x-5x3m", "reference_id": "GHSA-6gqg-wm9x-5x3m", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-16T17:29:45Z/" } ], "url": 
"https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6gqg-wm9x-5x3m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/100914?format=api", "purl": "pkg:deb/debian/ldap-account-manager@9.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-58174" ], "risk_score": 2.0, "exploitability": "0.5", "weighted_severity": "4.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdcq-njxh-sugv" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/ldap-account-manager@9.5.1-1%3Fdistro=trixie" }