Skip to main content

Directory Studio

2 CVEs product

Monthly

CVE-2021-33900 Maven HIGH PATCH This Week

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Directory Studio
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2015-5349 Maven HIGH PATCH This Week

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Apache Ldap Studio Directory Studio
NVD
CVSS 3.0
7.8
EPSS
1.4%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Directory Studio
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Apache Ldap Studio +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy