VYPR

user_ldap

by OwnCloud

CVEs (2)

  • CVE-2021-40537Sep 8, 2021
    risk 0.00cvss epss 0.01

    Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.

  • CVE-2014-9043Feb 4, 2015
    risk 0.00cvss epss 0.02

    The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.