CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.

64 vulnerabilities with CWE-90
CVE-2020-5246 HIGH
Traccar < 4.9 - LDAP Injection via User Input in LDAP Search Filter
CVSS 7.7
CVE-2020-5281 MEDIUM
Perun < 3.9.1 - LDAP Injection via ExtSource Configuration
CVSS 6.2
CVE-2019-11277 HIGH
Cloudfoundry Cf-deployment < 11.1.0 - Injection
CVSS 8.1
CVE-2019-4297 MEDIUM
IBM Robotic Process Automation with Automation Anywhere 11 - Comman...
CVSS 5.4
CVE-2018-5730 LOW
MIT krb5 1.6+ - Privilege Escalation
CVSS 3.8
CVE-2017-4927 HIGH
VMware vCenter Server <6.5 U1, <6.0 U3c - DoS
CVSS 7.5
CVE-2017-14596 CRITICAL
Joomla! - LDAP Injection via Authentication Plugin
CVSS 9.8
CVE-2017-8790 CRITICAL
Accellion File Transfer Appliance < 9_12_40 - LDAP Injection via ldaptest.html Filter Parameter
CVSS 9.8
CVE-2016-8750 MEDIUM
Apache Karaf < 4.0.8 - Denial of Service via LDAP Injection
CVSS 6.5
CVE-2016-9870 MEDIUM
EMC Isilon OneFS 7.1.0.x, 7.1.1.0-7.1.1.10, 7.2.0.x, 7.2.1.0-7.2.1.2, 8.0.0.0 - LDAP Injection
CVSS 6.7
CVE-2016-9299 CRITICAL
Jenkins < 2.32 and LTS < 2.19.3 - Remote Code Execution via LDAP Query Injection
CVSS 9.8
CVE-2015-10027 MEDIUM
hydrian TTRSS-Auth-LDAP <2.0b1 - LDAP Injection
CVSS 5.5
CVE-2015-7294 HIGH
ldapauth-fork < 2.3.3 - LDAP Injection via Crafted Username
CVSS 7.5
CVE-2011-4069 CRITICAL
PacketFence <3.0.2 - Command Injection
CVSS 9.8