CVE-2022-45910
MEDIUMApache ManifoldCF < 2.23 - LDAP Injection in ActiveDirectory and Sharepoint Authority Connectors
Title source: llmDescription
Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions.
References (1)
Core 1
Core References
Mailing List, Vendor Advisory mailing-list
vendor-advisory
https://lists.apache.org/thread/m693p0dq6jvwwvmy2wnhj6k854z0s444
Scores
CVSS v3
5.3
EPSS
0.0147
EPSS Percentile
70.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-90
CWE-74
Status
published
Products (1)
apache/manifoldcf
< 2.23
Published
Dec 07, 2022
Tracked Since
Feb 18, 2026