CVE-2015-5246

Published: Oct 6, 2017Modified: May 13, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.

Affected (1)

Products: Theforeman: Foreman

Theforeman

1 product

Foreman

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Theforeman Foreman	Version 1.9.0

Related CWEs

CWE-254

References (4)

http://projects.theforeman.org/issues/11471

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1258700

Source: secalert@redhat.com

Issue Tracking

http://projects.theforeman.org/issues/11471

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1258700

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.