logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

107 LDAP injection

Description

The system builds LDAP queries using untrusted data that could modify the query.

Impact

Inject LDAP statements to extract sensitive information without authorization.

Recommendation

- Avoid using untrusted data to generate dynamic LDAP queries.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

45 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

  • Attack vector: A
  • Attack complexity: H
  • Attack Requirements: N
  • Privileges required: N
  • User interaction: N
  • Confidentiality (VC): L
  • Integrity (VI): L
  • Availability (VA): N
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: P

Requirements

Fixes

Last updated

2024/02/13