CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Camel LDAP is vulnerable to LDAP injection. The vulnerability is in the process function in LdapProducer.java: when the filter options are used, an attacker can inject LDAP queries into the system and have them executed.
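The injection class described above and its standard mitigation, as an added example that is not code from Apache Camel or from this advisory: a value from an untrusted source is escaped per RFC 4515 before it is placed in the filter string. The class and method names, the filter template and the sample inputs are assumptions made for the illustration.

```java
// Added example, not Apache Camel code. All names and inputs here are hypothetical.
public class LdapFilterEscapeDemo {

    /** Escapes a value for use inside an LDAP search filter (RFC 4515, section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break; // escape character itself
                case '*':  out.append("\\2a"); break; // wildcard
                case '(':  out.append("\\28"); break; // opens a filter item
                case ')':  out.append("\\29"); break; // closes a filter item
                case '\0': out.append("\\00"); break; // NUL
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Counts unescaped '(' characters, i.e. the filter items a directory server would parse. */
    static int countFilterItems(String filter) {
        int items = 0;
        for (int i = 0; i < filter.length(); i++) {
            char c = filter.charAt(i);
            if (c == '\\') {
                i += 2;            // skip the two hex digits of an RFC 4515 escape
            } else if (c == '(') {
                items++;
            }
        }
        return items;
    }

    public static void main(String[] args) {
        // Constructed inputs: an ordinary uid and one carrying filter metacharacters.
        String[] inputs = { "jdoe", "*)(objectClass=*" };
        for (String uid : inputs) {
            // Weak form: the untrusted value is concatenated straight into the filter.
            String concatenated = "(&(objectClass=person)(uid=" + uid + "))";
            // Hardened form: the value is escaped, so the filter structure cannot change.
            String escaped = "(&(objectClass=person)(uid=" + escapeFilterValue(uid) + "))";
            System.out.printf("input: %s%n  concatenated: %s (items=%d)%n  escaped:      %s (items=%d)%n",
                    uid, concatenated, countFilterItems(concatenated),
                    escaped, countFilterItems(escaped));
        }
    }
}
```

A filter template with a fixed number of items should report the same item count for every input; a count that varies with the input means the value was able to alter the filter structure.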
CPE | Name | Operator | Version |
---|---|---|---|
camel :: ldap | eq | 3.19.0 | |
camel :: ldap | le | 2.5.0 | |
camel :: ldap | le | 3.18.3 | |
www.openwall.com/lists/oss-security/2022/12/05/2
camel.apache.org/security/CVE-2022-45046.html
github.com/advisories/GHSA-w66j-xc7r-m2jv
github.com/apache/camel/commit/961bc8d51a4331eff982dc5be35b38e333e9fca8
github.com/apache/camel/commit/ad44f93fa9df74b2accde0b8812f6798f92ad0bf
github.com/apache/camel/commit/c46cbcc6bee94ec631e7898b0c944cae98b4a071
github.com/apache/camel/commit/c543ee1ebd632566618293f8e2d3fc2969198283
issues.apache.org/jira/browse/CAMEL-186906