← Back

Univention Corporate Server

univention_corporate_server

Vendor: Univention • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-38994
1Univention
1Univention Corporate Server
Apr 15, 2025
Oct 31, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to...Show more
The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access to gain higher privileges and perform followup attacks. By default, the configuration of UCS does not allow local ssh access for regular users.Show less
CVE-2019-1010283
1Univention
1Univention Corporate Server
Nov 21, 2024
Jul 17, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connect...Show more
Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later.Show less