ldap-backend is vulnerable to LDAP Injection. The vulnerability exists because the doGetIdentity
function in LdapIdentityBackend.java
does not properly filter the object class, allowing an attacker to inject and execute malicious LDAP query’s through the principalName
parameter.
CPE | Name | Operator | Version |
---|---|---|---|
ldap identity backend | le | 2.0.2 | |
ldap identity backend | le | 2.0.2 |