Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable and low-complexity but requires a valid low-privilege account (PR:L); LDAP injection strongly enables data disclosure and authorization tampering (C:H/I:H), while availability impact is uncertain and rated conservatively (A:L).
Primary rating from Vendor (usom).
CVSS VectorVendor: usom
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in HAVELSAN Inc. Liman MYS allows LDAP Injection.
This issue affects Liman MYS: before release.Master.1107.
AnalysisAI
Privilege-escalation-capable LDAP injection in HAVELSAN Liman MYS (all releases before Master.1107) lets an authenticated attacker inject unsanitized special characters into LDAP queries, subverting directory-backed authentication and authorization logic. Because Liman is typically wired into corporate LDAP/Active Directory for login, a successful injection can expose directory data, bypass access controls, and manipulate query results. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated session on Liman MYS (CVSS PR:L), so the attacker must already hold or obtain valid low-privilege credentials, and the deployment must have Liman integrated with an LDAP/Active Directory backend such that user input reaches an LDAP query - the precise vulnerable input field is not detailed in the advisory. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, score 8.8) describes a network-reachable, low-complexity attack that requires only low privileges and no user interaction, with high impact to confidentiality, integrity, and availability - a genuinely serious profile for an authenticated user. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who holds a low-privilege Liman MYS account (or phishes one) submits crafted input into a field that feeds an LDAP search - such as a username or search filter - inserting metacharacters that rewrite the query into an always-true or wildcard match. The manipulated filter returns directory entries or authorization results the attacker should not have, enabling data disclosure or an authorization bypass. … |
| Remediation | Upgrade Liman MYS to release Master.1107 or later, which is the first fixed release per the vendor advisory (vendor-released patch: Master.1107); consult the USOM bulletin at https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504 for exact upgrade guidance. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Audit all HAVELSAN Liman MYS deployments to identify versions and LDAP/AD integration scope; restrict Liman administrative console access to essential personnel and enable comprehensive logging of all LDAP queries and authentication events. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a
In Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required,
An issue was discovered on Accellion FTA devices before FTA_9_12_180. Rated critical severity (CVSS 9.8), this vulnerabi
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for aut
Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows at
A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6
Authentication bypass in Apache Druid versions 0.17.0 through 35.x. Affects all versions prior to 36.0.0 when specific p
Arbitrary certificate disclosure in Apache CXF's XKMS server lets remote attackers abuse an LDAP injection flaw (CWE-90)
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is re
A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5.jsp?actionFlag=test&i
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the P
Kanboard versions 1.2.48 and earlier contain an LDAP injection vulnerability where unsanitized user input in the LDAP au
Same weakness CWE-90 – LDAP Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42035
GHSA-44vj-xc6r-j6m3