CVE-2023-25613
CRITICALApache Kerby LDAP Backend < 2.0.3 - LDAP Injection
Title source: llmDescription
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3.
References (1)
Core 1
Core References
Mailing List vendor-advisory
https://lists.apache.org/thread/ynz3hhbbq6d980fzpncwbh5jd8mkyt5y
Scores
CVSS v3
9.8
EPSS
0.0021
EPSS Percentile
43.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (2)
apache/kerby_ldap_backend
< 2.0.3
org.apache.kerby/ldap-backend
0 - 2.0.3Maven
Published
Feb 20, 2023
Tracked Since
Feb 18, 2026