5 matches found
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to LDAP injection due to hbase-client
Summary hbase-client is used by the ds-cas-lite microservice as part of the HBase API functionality. Vulnerability Details CVEID:CVE-2023-25613 DESCRIPTION: Apache Kerby could allow a remote attacker to conduct an LDAP injection, caused by a flaw in LdapIdentityBackend. By sending a request with ...
org.apache.kerby:kerby-kdc-test (>=1.0.0-RC1 <=1.0.0-RC2) potentially affected by CVE-2023-25613 via org.apache.kerby:ldap-backend (>=1.0.0-RC1 <=1.0.0-RC2)
org.apache.kerby:ldap-backend MAVEN version =1.0.0-RC1, =1.0.0-RC1, =1.0.0-RC2 Source cves: CVE-2023-25613 Source advisory: OSV:GHSA-337F-XR2X-6FCF...
CVE-2023-25613
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3...
CVE-2023-25613
CVE-2023-25613 is an LDAP injection in Apache Kerby via LdapIdentityBackend. IBM/Cloudera advisories list CVE-2023-25613 among vulnerabilities affecting CDP (e.g., 7.1.9 HF2) and IBM DataStage on Cloud Pak for Data. Remediation provided: upgrade to Cloud Pak for Data 5.0.0+ for DataStage on Cloud...
CVE-2023-25613 LDAP Injection Vulnerability in Apache Kerby
An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3...