Lucene search

K

Veracode Vulnerability DatabaseVERACODE:38350

HistoryDec 06, 2022 - 9:35 a.m.

LDAP Injection

2022-12-0609:35:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Camel LDAP is vulnerable to LDAP injection. The vulnerability is due to the process function in LdapProducer.java when using the filter options which allows an attacker to inject and execute LDAP queries into the system.

CPENameOperatorVersion
camel :: ldapeq3.19.0
camel :: ldaple2.5.0
camel :: ldaple3.18.3
camel :: ldapeq3.19.0
camel :: ldaple2.5.0
camel :: ldaple3.18.3

References

www.openwall.com/lists/oss-security/2022/12/05/2

camel.apache.org/security/CVE-2022-45046.html

github.com/advisories/GHSA-w66j-xc7r-m2jv

github.com/apache/camel/commit/961bc8d51a4331eff982dc5be35b38e333e9fca8

github.com/apache/camel/commit/ad44f93fa9df74b2accde0b8812f6798f92ad0bf

github.com/apache/camel/commit/c46cbcc6bee94ec631e7898b0c944cae98b4a071

github.com/apache/camel/commit/c543ee1ebd632566618293f8e2d3fc2969198283

issues.apache.org/jira/browse/CAMEL-186906

www.openwall.com/lists/oss-security/2022/12/05/2

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related for VERACODE:38350

osv2 cve1 redhatcve1 github1 prion1 ibm1