Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-90
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4254 2 Fedoraproject, Redhat 13 Sssd, Enterprise Linux, Enterprise Linux Desktop and 10 more 2023-02-09 N/A 8.8 HIGH
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
CVE-2019-4297 1 Ibm 1 Robotic Process Automation With Automation Anywhere 2022-12-06 5.5 MEDIUM 5.4 MEDIUM
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761.
CVE-2018-5730 4 Debian, Fedoraproject, Mit and 1 more 6 Debian Linux, Fedora, Kerberos 5 and 3 more 2022-04-18 5.5 MEDIUM 3.8 LOW
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
CVE-2021-32651 1 Onedev Project 1 Onedev 2021-06-16 4.3 MEDIUM 4.3 MEDIUM
OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The specific payload depends on how the User Search Filter property is configured in OneDev. This issue was fixed in version 4.4.2.
CVE-2015-7294 1 Ldapauth-fork Project 1 Ldapauth-fork 2020-03-09 5.0 MEDIUM 7.5 HIGH
ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.
CVE-2016-9299 2 Fedoraproject, Jenkins 2 Fedora, Jenkins 2019-05-22 7.5 HIGH 9.8 CRITICAL
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
CVE-2016-8750 1 Apache 1 Karaf 2019-04-26 4.0 MEDIUM 6.5 MEDIUM
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.
CVE-2011-4069 1 Packetfence 1 Packetfence 2018-02-21 7.5 HIGH 9.8 CRITICAL
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.
CVE-2017-4927 1 Vmware 1 Vcenter Server 2017-12-04 5.0 MEDIUM 7.5 HIGH
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
CVE-2017-14596 1 Joomla 1 Joomla\! 2017-09-27 5.0 MEDIUM 9.8 CRITICAL
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
CVE-2017-8790 1 Accellion 1 File Transfer Appliance 2017-05-17 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.
CVE-2016-9870 1 Emc 1 Isilon Onefs 2017-01-23 7.2 HIGH 6.7 MEDIUM
EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.