CVE-2022-45801

EPSS 0.07%
Veröffentlicht 01.05.2023 15:15:08
Zuletzt bearbeitet 21.11.2024 07:29:44
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.
LDAP Injection is an attack used to exploit web based applications
that construct LDAP statements based on user input. When an
application fails to properly sanitize user input, it's possible to
modify LDAP statements through techniques similar to SQL Injection.
LDAP injection attacks could result in the granting of permissions to
unauthorized queries, and content modification inside the LDAP tree.
This risk may only occur when the user logs in with ldap, and the user
name and password login will not be affected, Users of the affected
versions should upgrade to Apache StreamPark 2.0.0 or later.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Streampark Version >= 1.0.0 < 2.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.17

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

https://lists.apache.org/thread/xbkwwpkp3n2rs2wcxg8l26mhsftxwwr9

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-45801

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-45801

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-45801

EUVD