LDAP

48 CVEs

CVE-2026-42568 Maven MEDIUM PATCH GHSA This Month

LDAP injection in Yamcs LdapAuthModule (yamcs-core < 5.12.7) enables horizontal privilege escalation for authenticated low-privilege users. By submitting a wildcard character as the username alongside a single known valid LDAP password, an attacker causes the unescaped LDAP search filter to match the first user returned by the directory query, effectively authenticating as that account. A proof-of-concept exploit is publicly available in the GitHub advisory; no CISA KEV listing exists, but the low attack complexity and published PoC make this a credible threat for any Yamcs deployment using LDAP authentication.

Privilege Escalation Java LDAP Code Injection
NVD GitHub
CVSS 3.1
4.3
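The fix for the bug class in this entry is to escape the value before it is interpolated into the filter. The routine below is an added illustration, not code from Yamcs or any other project on this page: it implements RFC 4515 filter-value escaping and, because later entries (maddy, Parse Server) also interpolate usernames into DN strings, RFC 4514 DN-value escaping as well. The `uid` attribute and the `ou=people,dc=example,dc=com` base are assumed names chosen for the demonstration.

```python
"""Escaping for LDAP filter values (RFC 4515) and DN values (RFC 4514).

Added example; not code from Yamcs or any project on this page. The base DN
and attribute names below are assumptions chosen for the demonstration.
"""

# The five characters RFC 4515 requires to be escaped inside a filter value.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside a search filter, e.g. (uid=<value>).

    Works on the UTF-8 bytes so that multi-byte characters and control bytes
    are hex-escaped too; escaping only the five ASCII metacharacters is the
    usual shape of an 'incomplete escaping' bug.
    """
    out = []
    for b in value.encode("utf-8"):
        ch = chr(b)
        if ch in FILTER_ESCAPES:
            out.append(FILTER_ESCAPES[ch])
        elif b < 0x20 or b > 0x7E:
            out.append(f"\\{b:02x}")
        else:
            out.append(ch)
    return "".join(out)


# Characters RFC 4514 requires to be escaped anywhere in a DN attribute value.
DN_SPECIAL = set('\\,+"<>;=')


def escape_dn_value(value: str) -> str:
    """Escape a value for use as an RDN value, e.g. uid=<value>,ou=people,...

    A leading '#', a leading or trailing space, and NUL have positional rules.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


def user_filter_unsafe(username: str) -> str:
    """The vulnerable shape: raw interpolation, so '*' becomes a wildcard."""
    return f"(uid={username})"


def user_filter_safe(username: str) -> str:
    """The fixed shape: '*' is sent as \\2a and matches only a literal asterisk."""
    return f"(uid={escape_filter_value(username)})"


def user_dn(username: str, base: str = "ou=people,dc=example,dc=com") -> str:
    """Build the bind DN for a user; ',' or '=' in the name cannot add RDNs."""
    return f"uid={escape_dn_value(username)},{base}"


if __name__ == "__main__":
    for name in ("alice", "*", "admin)(uid=*", "Doe, John"):
        print(f"{name!r:18} unsafe={user_filter_unsafe(name):28} safe={user_filter_safe(name)}")
        print(f"{'':18} dn={user_dn(name)}")
```

Escaping is necessary but not sufficient: a login routine should also refuse to proceed when the search returns anything other than exactly one entry, so that a filter which somehow still matches several users cannot silently pick the first.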
CVE-2026-44930 PATCH Monitor

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository.  Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.

Apache LDAP Code Injection Apache Cxf
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-44063 MEDIUM PATCH This Month

LDAP filter injection in Netatalk 2.1.0 through 4.4.2 enables an authenticated remote attacker to manipulate LDAP query logic, potentially reading or modifying directory entries beyond their authorization scope. The CVSS score of 4.2 (Medium) reflects real but bounded impact: high attack complexity and the need for low-privilege authentication limit opportunistic exploitation. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

LDAP Code Injection Suse
NVD VulDB
CVSS 3.1
4.2
EPSS
0.0%
CVE-2026-41919 CRITICAL PATCH Act Now

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

Apache LDAP Code Injection
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-44671 Go HIGH PATCH GHSA This Week

LDAP Filter Injection in Zitadel's identity provider implementation allows unauthenticated remote attackers to enumerate valid usernames and extract sensitive LDAP directory attributes through blind injection techniques. The vulnerability exists in Zitadel versions 2.71.11-2.71.19, 3.1.0-3.4.9, and 4.0.0-4.14.0 when LDAP is configured as an identity provider. Exploitation requires no authentication (CVSS PR:N) and has network attack vector (AV:N) with low complexity (AC:L), resulting in high confidentiality impact (C:H) but no authentication bypass capability. Vendor-released patches are available for 3.x (3.4.10) and 4.x (4.15.0) branches. No public exploit identified at time of analysis, though the attack technique is well-documented in security research.

Authentication Bypass Information Disclosure LDAP Code Injection
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-44304 PyPI HIGH PATCH GHSA This Week

LDAP filter injection in Netflix Lemur certificate management platform allows authenticated users with valid LDAP credentials to escalate privileges to administrator by injecting metacharacters into the username field during login. Attackers manipulate group membership queries to gain unauthorized admin roles, enabling access to all certificates, private keys via /certificates/<id>/key endpoint, and CA configurations. Vendor-released patch confirmed in version 1.9.0 (GitHub advisory GHSA-3r34-vq8m-39gh). CVSS 8.1 indicates high confidentiality and integrity impact with low attack complexity from network-authenticated attackers. No public exploit code identified at time of analysis, though detailed reproduction steps exist in the advisory.

Authentication Bypass Privilege Escalation Python LDAP Code Injection
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-33609 MEDIUM PATCH This Month

Incomplete LDAP query escaping in PowerDNS Authoritative with 8bit-dns enabled allows authenticated users to enumerate internal domain subtrees through LDAP injection, leading to information disclosure of sensitive DNS zone data. The vulnerability requires valid authentication, high attack complexity due to LDAP protocol constraints, and has been reported by the vendor security team. No active exploitation data is currently available.

Information Disclosure LDAP Code Injection Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-40606 PyPI MEDIUM PATCH This Month

Authentication bypass in mitmproxy 12.2.1 and below allows remote attackers to bypass LDAP-based proxy authentication through unsanitized username injection. The vulnerability affects only instances explicitly configured with the proxyauth option using LDAP authentication, which is disabled by default. Attackers can exploit this over the network without authentication or user interaction to gain unauthorized access to proxied connections.

Authentication Bypass LDAP Code Injection Suse
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-40459 HIGH PATCH This Week

LDAP injection vulnerabilities in the PAC4J authentication library allow low-privileged remote attackers to execute arbitrary LDAP queries and directory operations by injecting malicious syntax into ID-based search parameters. Affects PAC4J 4.x before 4.5.10, 5.x before 5.7.10, and 6.x before 6.4.1. CVSS 8.7 (High) with network vector, low complexity, and low privilege requirement. No active exploitation confirmed per CISA KEV; an EPSS score of 0.22% suggests low near-term exploitation probability. Vendor patches are available per the pac4j.org advisory. Reported by CERT-PL.

Authentication Bypass LDAP Code Injection
NVD VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-0636 Maven MEDIUM PATCH GHSA This Month

LDAP injection in the Bouncy Castle BC-JAVA bcprov module (versions 1.49 through 1.83) allows remote unauthenticated attackers to manipulate LDAP queries via specially crafted input to LDAPStoreHelper.java. One published assessment describes the issue as critical (CVSS 10.0) with complete compromise of confidentiality, integrity, and availability across security boundaries; the CVSS 4.0 score shown for this entry is 5.5 (Medium). The library is deployed throughout the Java ecosystem. No active exploitation confirmed (not in CISA KEV), but the attack r

Java LDAP Code Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-40193 Go HIGH PATCH GHSA This Week

LDAP injection in maddy mail server versions before 0.9.3 allows remote unauthenticated attackers to extract sensitive directory attributes and spoof user identities. The auth.ldap module fails to escape user-supplied usernames before interpolating them into LDAP search filters and DN strings, despite having the ldap.EscapeFilter() function available. Attackers can exploit this via the SMTP AUTH PLAIN or IMAP LOGIN interfaces to perform boolean-based blind injection that extracts password hashes, email addresses, group memberships, and other LDAP attributes character by character. While CVSS rates this 8.2 (High) for network-accessible unauthenticated exploitation with high confidentiality impact, no active exploitation (KEV) or weaponized PoC had been identified at time of analysis.

Path Traversal OpenSSL LDAP Code Injection Oracle
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
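To make the two attack patterns concrete, the wildcard-username login from the Yamcs entry above and the boolean-based blind extraction described here for maddy, the following is an added example, not code from maddy, Yamcs or any project listed on this page: a small evaluator for a subset of RFC 4515 filters run over a constructed in-memory directory, a login routine that takes the first search hit, and the character-by-character extraction loop. The directory contents, the filter template, and the assumption that the server's "no such user" response is distinguishable from "bad password" are all constructed for the demonstration.

```python
"""Simulated LDAP search against an in-memory directory, to show what an
unescaped username does. Added example; not code from maddy, Yamcs or any
project on this page. The directory, the filter templates and the
'no such user' oracle are constructed assumptions."""
import re
import string
from typing import Callable, Optional

Entry = dict[str, list[str]]          # attribute name (lowercase) -> values
Pred = Callable[[Entry], bool]


def _unescape(v: str) -> str:
    """Decode \\XX hex escapes (RFC 4515) to literal characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), v)


def parse_filter(s: str) -> tuple[Pred, str]:
    """Recursive-descent parser for the subset (&..), (|..), (!..) and
    (attr=value) with '*' wildcards. Returns a predicate and the unparsed rest."""
    if not s.startswith("("):
        raise ValueError(f"expected '(' at {s!r}")
    body = s[1:]
    if body[:1] in ("&", "|"):
        combine = all if body[0] == "&" else any
        subs: list[Pred] = []
        body = body[1:]
        while body.startswith("("):
            sub, body = parse_filter(body)
            subs.append(sub)
        if not body.startswith(")"):
            raise ValueError("unbalanced filter")
        return (lambda e: combine(p(e) for p in subs)), body[1:]
    if body[:1] == "!":
        sub, body = parse_filter(body[1:])
        if not body.startswith(")"):
            raise ValueError("unbalanced filter")
        return (lambda e: not sub(e)), body[1:]
    m = re.match(r"([A-Za-z][A-Za-z0-9-]*)=([^()]*)\)", body)
    if not m:
        raise ValueError(f"malformed filter item at {body!r}")
    attr = m.group(1).lower()
    # Split on '*' first, so an escaped \2a decodes to a literal asterisk.
    pieces = [re.escape(_unescape(p)) for p in m.group(2).split("*")]
    rx = re.compile("^" + ".*".join(pieces) + "$", re.S)
    return (lambda e: any(rx.match(v) for v in e.get(attr, []))), body[m.end():]


def search(directory: list[Entry], flt: str) -> list[Entry]:
    """Evaluate a filter string over the directory, in stored order."""
    pred, rest = parse_filter(flt)
    if rest:
        raise ValueError(f"trailing data after filter: {rest!r}")
    return [e for e in directory if pred(e)]


def escape(v: str) -> str:
    """RFC 4515 escaping of the five filter metacharacters."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in v)


# Constructed directory; passwords are plain here only so the demo can stand
# in for a bind attempt. Entry order is the order the server returns.
DIRECTORY: list[Entry] = [
    {"objectclass": ["person"], "uid": ["alice"], "userpassword": ["alice-secret"], "mail": ["alice@example.com"]},
    {"objectclass": ["person"], "uid": ["bob"], "userpassword": ["bob-secret"], "mail": ["bob@example.com"]},
]


def login_unsafe(username: str, password: str) -> Optional[str]:
    """The Yamcs pattern: raw username in the filter, first hit wins, then bind."""
    hits = search(DIRECTORY, f"(uid={username})")
    if not hits:
        return None
    entry = hits[0]
    return entry["uid"][0] if password == entry["userpassword"][0] else None


def login_safe(username: str, password: str) -> Optional[str]:
    """Escape the value and refuse anything but exactly one match."""
    hits = search(DIRECTORY, f"(uid={escape(username)})")
    if len(hits) != 1:
        return None
    return hits[0]["uid"][0] if password == hits[0]["userpassword"][0] else None


# The maddy pattern: the username is spliced into an AND filter, and the
# server's 'no such user' error differs from 'bad password', giving an oracle.
AUTH_TEMPLATE = "(&(objectClass=person)(uid={u}))"
ALPHABET = string.ascii_lowercase + string.digits + "@.-"


def auth_oracle(username: str) -> bool:
    """True when the injected filter still matches an entry (assumed observable)."""
    return bool(search(DIRECTORY, AUTH_TEMPLATE.format(u=username)))


def extract_attribute(target_uid: str, attr: str, alphabet: str = ALPHABET, max_len: int = 64) -> str:
    """Boolean-based blind extraction: grow a known prefix one character at a
    time using (attr=<prefix><c>*). Needs an attribute with substring matching."""
    known = ""
    while len(known) < max_len:
        for c in alphabet:
            probe = f"{target_uid})({attr}={escape(known + c)}*"
            if auth_oracle(probe):
                known += c
                break
        else:
            return known          # no character extends the prefix: value complete
    return known


if __name__ == "__main__":
    print("unsafe '*' login with alice's password:", login_unsafe("*", "alice-secret"))
    print("safe   '*' login with alice's password:", login_safe("*", "alice-secret"))
    print("extracted mail for bob:", extract_attribute("bob", "mail"))
```

Two things worth noticing when running it: the wildcard login only succeeds when the password the attacker holds belongs to whichever entry the directory happens to return first, which is what bounds the Yamcs impact, and the hardened `login_safe` both escapes the value and rejects any search that does not return exactly one entry. Substring probes only work against attributes whose schema defines a SUBSTR matching rule; in many directories that covers mail and description but not userPassword, so which attributes are reachable depends on the target schema.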
CVE-2026-39962 HIGH PATCH This Week

LDAP injection in MISP (Malware Information Sharing Platform) versions prior to 2.5.36 enables unauthenticated attackers to bypass authentication and execute unauthorized LDAP queries. The vulnerability exists in ApacheAuthenticate.php when administrators configure apacheEnv to use user-controlled server variables instead of REMOTE_USER in proxy deployments. Attackers manipulate unsanitized username values to inject special characters into LDAP search filters, potentially gaining unauthorized access to the threat intelligence platform. No public exploit identified at time of analysis.

PHP Authentication Bypass LDAP Code Injection
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-34578 HIGH PATCH This Week

LDAP filter injection in OPNsense firewall allows unauthenticated attackers to enumerate valid LDAP usernames and bypass group membership restrictions via the WebGUI login page. Affects OPNsense versions prior to 26.1.6. The vulnerability stems from failure to escape user-supplied input before insertion into LDAP search filters, enabling metacharacter injection. Attackers can authenticate as any LDAP user with known credentials, circumventing Extended Query group membership controls. No public exploit identified at time of analysis.

Authentication Bypass LDAP Code Injection
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2026-29138 MEDIUM PATCH This Month

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to impersonate other users by claiming their PGP signatures through a specially crafted email address, enabling signature forgery and identity spoofing in encrypted email communications. The flaw is an LDAP injection that manipulates signature verification and affects all versions prior to 15.0.3. Exploitation status is unconfirmed from the available data.

Information Disclosure LDAP Code Injection
NVD
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-29131 MEDIUM PATCH This Month

SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to read encrypted email contents intended for other users by crafting specially malformed email addresses that exploit LDAP injection in the recipient validation process. This information disclosure vulnerability affects all versions prior to 15.0.3 and requires only network access to send a specially crafted email, making it a practical attack vector against organizations using vulnerable SEPPmail deployments.

Information Disclosure LDAP Code Injection
NVD
CVSS 4.0
4.9
EPSS
0.0%
CVE-2026-27860 LOW POC PATCH Monitor

Open-Xchange Dovecot Pro contains an LDAP filter injection vulnerability in its authentication module that allows remote unauthenticated attackers to inject arbitrary LDAP filters when the auth_username_chars configuration parameter is left empty, potentially enabling authentication bypass and reconnaissance of LDAP directory structures. The vulnerability carries a low CVSS score of 3.7 due to high attack complexity requirements, and no public exploit code has been identified at the time of analysis.

Authentication Bypass LDAP Code Injection
NVD VulDB GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-33751 npm MEDIUM PATCH This Month

n8n contains an LDAP injection vulnerability in the LDAP node's filter escape logic that allows LDAP metacharacters to pass through unescaped when user-controlled input is interpolated into LDAP search filters. This affects n8n versions prior to 1.123.27, 2.13.3, and 2.14.1, enabling attackers to manipulate LDAP queries to retrieve unintended directory records or bypass authentication controls implemented within workflows. Exploitation requires a specific workflow configuration (an LDAP node receiving external user input via expressions). No active exploitation has been publicly reported, and no proof of concept has been confirmed across available intelligence sources.

Authentication Bypass LDAP Code Injection
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-33289 HIGH This Week

An LDAP injection vulnerability in SuiteCRM's authentication flow allows attackers to manipulate LDAP queries by injecting control characters into user-supplied input, potentially leading to authentication bypass or information disclosure. The vulnerability affects SuiteCRM versions prior to 7.15.1 and 8.9.3; SuiteCRM is an open-source CRM widely deployed in enterprise environments. While no active exploitation has been reported (not in CISA KEV), the network-exploitable nature and potential for authentication bypass make this a serious concern for organizations using affected versions.

Authentication Bypass Information Disclosure LDAP Code Injection
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-31828 npm HIGH PATCH This Week

Parse Server's LDAP authentication adapter fails to properly sanitize user input in Distinguished Names and group filters, allowing authenticated attackers to inject LDAP syntax and bypass group-based access controls. This enables privilege escalation: any valid LDAP user can gain membership in restricted groups, affecting deployments that rely on LDAP group policies for authorization. Patches are available in versions 9.5.2-alpha.13 and 8.6.26.

Privilege Escalation Node.js DNS LDAP Parse Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-28515 HIGH POC PATCH This Week

OpenDCIM through version 23.04 fails to enforce authorization checks in its installation and upgrade handlers, allowing any authenticated user to modify LDAP configuration settings regardless of their assigned roles. Public exploit code exists for this vulnerability, and in deployments where REMOTE_USER authentication is not enforced, unauthenticated attackers may also access these administrative functions. An attacker can exploit this to alter application configuration and potentially compromise directory services integration.

PHP LDAP Opendcim
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-27727 Maven CRITICAL POC PATCH Act Now

JNDI injection in the mchange-commons-java library allows remote code execution through crafted JNDI lookup strings, following the same attack pattern as Log4Shell. PoC and patch available.

Java LDAP Red Hat Mchange Commons Java Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-21243 HIGH PATCH This Week

Windows LDAP service in Server 2022 and 2022 23H2 is vulnerable to denial of service through a null pointer dereference that can be triggered remotely without authentication. An attacker can exploit this flaw over the network to crash the LDAP service and disrupt directory access.

Windows Null Pointer Dereference Microsoft LDAP Windows Server 2019 +3
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-22153 HIGH This Week

FortiOS versions up to 7.6.4 contain a vulnerability that allows an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FS (CVSS 8.1).

Authentication Bypass Fortinet LDAP Fortigate Fortios
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-23906 Maven CRITICAL PATCH Act Now

Authentication bypass in Apache Druid versions 0.17.0 through 35.x (all versions prior to 36.0.0) when specific prerequisites are met.

Authentication Bypass Apache DNS LDAP Druid
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25560 CRITICAL PATCH Act Now

WeKan (open-source kanban) prior to 8.19 has an LDAP filter injection vulnerability enabling authentication bypass through crafted LDAP login attempts.

LDAP Wekan
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25644 HIGH This Week

DataHub versions prior to 1.3.1.8 are vulnerable to man-in-the-middle attacks during LDAP authentication due to insufficient TLS certificate validation, allowing attackers on the network to intercept and eavesdrop on sensitive authentication credentials. An unauthenticated attacker can downgrade the TLS connection to capture plaintext LDAP credentials without requiring user interaction.

TLS LDAP Datahub
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25815 LOW Monitor

Fortinet FortiOS versions up to 7.6.6 contain a vulnerability that allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in t (CVSS 3.2).

Fortinet LDAP Fortigate
NVD
CVSS 3.1
3.2
EPSS
0.0%
CVE-2026-1966 Monitor

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services.

DNS LDAP
NVD
EPSS
0.0%
CVE-2026-1898 MEDIUM PATCH This Month

Improper access controls in WeKan's LDAP user synchronization component (versions up to 8.20) allow authenticated remote attackers to gain unauthorized access to sensitive information or modify data with low complexity. The vulnerability affects the LDAP User Sync functionality in packages/wekan-ldap/server/syncUser.js and requires valid credentials to exploit. WeKan 8.21 and later address this issue and should be deployed immediately.

LDAP Wekan
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2020-36966 MEDIUM POC This Month

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. [CVSS 6.4 MEDIUM]

PHP XSS LDAP
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-1498 Monitor

An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface.

LDAP
NVD
EPSS
0.1%
CVE-2026-24130 PyPI MEDIUM PATCH This Month

Moonraker versions 0.9.3 and below with LDAP authentication enabled are susceptible to LDAP injection attacks through the login endpoint, enabling attackers to enumerate valid user IDs and attributes via response analysis. An unauthenticated remote attacker can exploit this vulnerability to discover LDAP directory information without requiring valid credentials. A patch is available in version 0.10.0 and later.

Python LDAP Moonraker
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36556 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. [CVSS 6.1 MEDIUM]

XSS LDAP Pacs Server
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-31510 HIGH This Week

In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication. [CVSS 7.2 HIGH]

XSS LDAP
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-20812 MEDIUM PATCH This Month

Windows LDAP input validation bypass in Windows 10 21H2, Windows 11 24H2, and Windows Server 2022 23H2 enables authenticated network attackers to modify data integrity without detection. The vulnerability requires valid credentials and network access but does not provide elevation of privilege or confidentiality breaches.

Windows Microsoft LDAP Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-14524 MEDIUM POC PATCH This Month

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. [CVSS 5.3 MEDIUM]

LDAP Red Hat Curl Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-14017 MEDIUM PATCH This Month

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. [CVSS 6.3 MEDIUM]

TLS LDAP Red Hat Curl Suse
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-21880 MEDIUM POC PATCH This Month

Kanboard versions 1.2.48 and earlier contain an LDAP injection vulnerability where unsanitized user input in the LDAP authentication mechanism allows attackers to enumerate users, extract sensitive attributes, and target specific accounts. Public exploit code exists for this vulnerability. The issue is resolved in version 1.2.49 and later.

LDAP Kanboard
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2026-22185 This Week

OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load.

Denial Of Service LDAP
NVD
EPSS
0.0%
CVE-2025-12764 PyPI HIGH PATCH This Month

pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and. Rated high severity (CVSS 7.5): remotely exploitable, no authentication required, low attack complexity.

LDAP Code Injection Pgadmin 4 Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-35431 MEDIUM PATCH This Month

CISA Thorium does not escape user-controlled strings used in LDAP queries. Rated medium severity (CVSS 5.3): remotely exploitable, low attack complexity.

Information Disclosure LDAP Code Injection Thorium
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-48208 HIGH This Month

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. Rated high severity (CVSS 8.8): remotely exploitable, low attack complexity. No vendor patch available.

Apache LDAP Code Injection Hertzbeat
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-4573 Go MEDIUM PATCH This Month

{remote_id}/link API when objectGUID is configured as the Group ID Attribute.

LDAP Code Injection Debian Mattermost Server Suse
NVD GitHub
CVSS 3.1
4.1
EPSS
0.1%
CVE-2025-27818 Maven HIGH PATCH This Week

A remote code execution vulnerability (CVSS 8.8), described only as "a possible security vulnerability". High severity, requiring prompt remediation.

RCE Apache Java Deserialization LDAP +3
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-27686 LOW Monitor

Dell Unisphere for PowerMax versions prior to 10.2.0.9 and PowerMax versions prior to 9.2.4.15 contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP. Rated low severity (CVSS 2.7): remotely exploitable, low attack complexity. No vendor patch available.

LDAP Code Injection Dell Unisphere For Powermax
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2025-27631 MEDIUM This Month

The TRMTracker web application is vulnerable to LDAP injection, potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the. Rated medium severity (CVSS 6.5): remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LDAP Code Injection
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-54852 CRITICAL POC Act Now

When an LDAP connection is activated in Teedy versions 1.9 through 1.12, the username field of the login form is vulnerable to LDAP injection. Rated critical severity (CVSS 9.8): remotely exploitable, no authentication required, low attack complexity. Public exploit code is available and no vendor patch is available.

LDAP Code Injection Teedy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-56841 CRITICAL This Week

A vulnerability has been identified in Mendix LDAP (all versions < V1.1.2). Rated critical severity (CVSS 9.1): remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass LDAP Code Injection
NVD
CVSS 4.0
9.1
EPSS
0.1%
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

An LDAP injection vulnerability in SuiteCRM's authentication flow allows attackers to manipulate LDAP queries by injecting control characters into user-supplied input, potentially leading to authentication bypass or information disclosure. The vulnerability affects SuiteCRM, an open-source CRM system widely deployed in enterprise environments, in versions prior to 7.15.1 and 8.9.3. While no active exploitation has been reported (not in CISA KEV), the network-exploitable nature and potential for authentication bypass make this a serious concern for organizations using affected versions.

Authentication Bypass Information Disclosure LDAP +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Parse Server's LDAP authentication adapter fails to properly sanitize user input in Distinguished Names and group filters, allowing authenticated attackers to inject LDAP commands and bypass group-based access controls. This vulnerability enables privilege escalation for any valid LDAP user to gain membership in restricted groups, affecting deployments that rely on LDAP group policies for authorization. Patches are available in versions 9.5.2-alpha.13 and 8.6.26.

Privilege Escalation Node.js DNS +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

OpenDCIM through version 23.04 fails to enforce authorization checks in its installation and upgrade handlers, allowing any authenticated user to modify LDAP configuration settings regardless of their assigned roles. Public exploit code exists for this vulnerability, and in deployments where REMOTE_USER authentication is not enforced, unauthenticated attackers may also access these administrative functions. An attacker can exploit this to alter application configuration and potentially compromise directory services integration.

PHP LDAP Opendcim
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

JNDI injection in mchange-commons-java library allows remote code execution through crafted JNDI lookup strings. Similar to Log4Shell attack pattern. PoC and patch available.

Java LDAP Red Hat +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Windows LDAP service in Server 2022 and 2022 23H2 is vulnerable to denial of service through a null pointer dereference that can be triggered remotely without authentication. An attacker can exploit this flaw over the network to crash the LDAP service and disrupt directory access functionality. No patch is currently available for this vulnerability.

Windows Null Pointer Dereference Microsoft +5
NVD
EPSS 0% CVSS 8.1
HIGH This Week

FortiOS versions up to 7.6.4 contain a vulnerability that allows an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FS (CVSS 8.1).

Authentication Bypass Fortinet LDAP +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Authentication bypass in Apache Druid versions 0.17.0 through 35.x. Affects all versions prior to 36.0.0 when specific prerequisites are met.

Authentication Bypass Apache DNS +2
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

WeKan (open-source kanban) prior to 8.19 has an LDAP filter injection vulnerability enabling authentication bypass through crafted LDAP login attempts.

LDAP Wekan
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

DataHub versions prior to 1.3.1.8 are vulnerable to man-in-the-middle attacks during LDAP authentication due to insufficient TLS certificate validation, allowing attackers on the network to intercept and eavesdrop on sensitive authentication credentials. An unauthenticated attacker can downgrade the TLS connection to capture plaintext LDAP credentials without requiring user interaction. No patch is currently available for affected deployments.

TLS LDAP Datahub
NVD GitHub
EPSS 0% CVSS 3.2
LOW Monitor

Fortinet FortiOS versions up to 7.6.6 contain a vulnerability that allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in t (CVSS 3.2).

Fortinet LDAP Fortigate
NVD
EPSS 0%
Monitor

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services.

DNS LDAP
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Improper access controls in WeKan's LDAP user synchronization component (versions up to 8.20) allow authenticated remote attackers to gain unauthorized access to sensitive information or modify data with low complexity. The vulnerability affects the LDAP User Sync functionality in packages/wekan-ldap/server/syncUser.js and requires valid credentials to exploit. WeKan 8.21 and later address this issue and should be deployed immediately.

LDAP Wekan
NVD GitHub VulDB
EPSS 0% CVSS 6.4
MEDIUM POC This Month

Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. [CVSS 6.4 MEDIUM]

PHP XSS LDAP
NVD Exploit-DB
EPSS 0%
Monitor

An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface.

LDAP
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Moonraker versions 0.9.3 and below with LDAP authentication enabled are susceptible to LDAP injection attacks through the login endpoint, enabling attackers to enumerate valid user IDs and attributes via response analysis. An unauthenticated remote attacker can exploit this vulnerability to discover LDAP directory information without requiring valid credentials. A patch is available in version 0.10.0 and later.

Python LDAP Moonraker
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. [CVSS 6.1 MEDIUM]

XSS LDAP Pacs Server
NVD
EPSS 0% CVSS 7.2
HIGH This Week

In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication. [CVSS 7.2 HIGH]

XSS LDAP
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Windows LDAP input validation bypass in Windows 10 21H2, Windows 11 24H2, and Windows Server 2022 23H2 enables authenticated network attackers to modify data integrity without detection. The vulnerability requires valid credentials and network access but does not provide elevation of privilege or confidentiality breaches. No patch is currently available for this medium-severity issue.

Windows Microsoft LDAP +12
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. [CVSS 5.3 MEDIUM]

LDAP Red Hat Curl +1
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. [CVSS 6.3 MEDIUM]

TLS LDAP Red Hat +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Kanboard versions 1.2.48 and earlier contain an LDAP injection vulnerability where unsanitized user input in the LDAP authentication mechanism allows attackers to enumerate users, extract sensitive attributes, and target specific accounts. Public exploit code exists for this vulnerability. The issue is resolved in version 1.2.49 and later.

LDAP Kanboard
NVD GitHub
EPSS 0%
This Week

OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load.

Denial Of Service LDAP
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Month

pgAdmin <= 9.9 is affected by an LDAP injection vulnerability in the LDAP authentication flow that allows an attacker to inject special LDAP characters in the username, causing the DC/LDAP server and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LDAP Code Injection Pgadmin 4 +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

CISA Thorium does not escape user controlled strings used in LDAP queries. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure LDAP Code Injection +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache LDAP Code Injection +1
NVD
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

{remote_id}/link API when objectGUID is configured as the Group ID Attribute.

LDAP Code Injection Debian +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability in A possible security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.

RCE Apache Java +5
NVD GitHub
EPSS 0% CVSS 2.7
LOW Monitor

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

LDAP Code Injection Dell +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LDAP Code Injection
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LDAP Code Injection Teedy
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL This Week

A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass LDAP Code Injection
NVD
