Lucene search
AnonymousZDI-23-1650HistoryNov 15, 2023 - 12:00 a.m.
Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability
2023-11-1500:00:00
Anonymous
www.zerodayinitiative.com
8
adobe
robohelp server
ldap injection
information disclosure
vulnerability
authentication
exploit
validation
user-supplied string
ldap queries
sensitive information
stored credentials
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe RoboHelp Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resolveDistinguishedName method. The issue results from the lack of proper validation of a user-supplied string before using it to construct LDAP queries. An attacker can leverage this vulnerability to disclose sensitive information in the context of the application, including partial information about stored credentials.
Related
prion
prion
Input validation
2023-11-17 13:15:00
cnvd
cnvd
Adobe RoboHelp Server Information Disclosure Vulnerability
2023-11-21 00:00:00
cve
cve
CVE-2023-22272
2023-11-17 13:15:07
cvelist
cvelist
vulnrichment
vulnrichment
nvd
nvd
CVE-2023-22272
2023-11-17 13:15:07
adobe
adobe
APSB23-53 : Security update available for Adobe RoboHelp Server
2023-11-14 00:00:00
openvas
openvas
Adobe RoboHelp Server < 11.5 Multiple Vulnerabilities (APSB23-53)
2023-11-20 00:00:00
nessus
nessus
Adobe RoboHelp Server < 11 Update 5 Multiple Vulnerabilities (APSB23-53)
2023-11-17 00:00:00