3 matches found
ch.exense.commons:exense-auth-ldap (>=1.3.0 <=1.3.1), ch.exense.commons:exense-core-server (>=1.3.0 <=1.3.1) +12 more potentially affected by CVE-2026-40458 +1 more via org.pac4j:pac4j-ldap (>=4.0.0 <=4.4.0)
org.pac4j:pac4j-ldap MAVEN version =4.0.0, =1.3.0, =1.3.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =3.14.0, =1.0.0.RELEASE, =1.0.1.RELEASE Source cves: CVE-2026-40458, CVE-2026-40459 Source advisory: SNYK:JAVA-ORGPAC4J-16109662...
LDAP Injection
Overview Affected versions of this package are vulnerable to LDAP Injection in the LdapProfileService class, which accepts ID-based search parameters in multiple methods. A privileged attacker can execute unauthorized LDAP queries and perform arbitrary directory operations. Remediation Upgrade...
com.axelor:axelor-core (>=8.0.0 <=8.1.1), com.axelor:axelor-web (>=8.0.0 <=8.1.1) potentially affected by CVE-2026-40458 +1 more via org.pac4j:pac4j-ldap (>=6.2.2 <=6.3.1)
org.pac4j:pac4j-ldap MAVEN version =6.2.2, =8.0.0, =8.0.0, =8.1.1 Source cves: CVE-2026-40458, CVE-2026-40459 Source advisory: SNYK:JAVA-ORGPAC4J-16109662...