XML External Entity (XXE) Vulnerability in LemonLDAP::NG Notification Server

XML External Entity (XXE) Vulnerability in LemonLDAP::NG Notification Server

CVE-2019-13031 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue when submitting a notification to the notification server. By default, the notification server is not enabled and has a "deny all" rule.

Learn more about our Cis Benchmark Audit For Server Software.