Total
24 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32651 | 1 Onedev Project | 1 Onedev | 2024-11-21 | 4.3 MEDIUM | 3.1 LOW |
OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The specific payload depends on how the User Search Filter property is configured in OneDev. This issue was fixed in version 4.4.2. | |||||
CVE-2019-4297 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761. | |||||
CVE-2016-8750 | 1 Apache | 1 Karaf | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service. | |||||
CVE-2011-4069 | 1 Packetfence | 1 Packetfence | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username. |