|Number of vulnerabilities||1|
|CVE ID|| CVE-2017-16731
|CWE ID|| CWE-523
|Public exploit||Not available|
|Vulnerable software versions||
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in the authentication of Ellipse to LDAP/AD using the LDAP protocol due to unprotected transport of credentials. A remote attacker can sniff local network traffic and discovery authentication credentials.Remediation
The vulnerability is addressed in the following versions: 8.5.26 Release 7, 8.6.21 Release 5, 8.7.18 Release 7, 8.8.12 Release 7, 8.9.6 Release 7.