CVE-2015-5246

high

Description

The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1258700

http://projects.theforeman.org/issues/11471

Details

Source: Mitre, NVD

Published: 2017-10-06

Updated: 2026-05-13

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00918