9.8
CVE-2026-44930
- EPSS 0.68%
- Veröffentlicht 22.05.2026 12:16:47
- Zuletzt bearbeitet 30.06.2026 03:20:02
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.68% | 0.477 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended LDAP query when it is sent to a downstream component.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://lists.apache.org/thread/c1zqxppo1m5z3kbdhjn5p991zk09ynkh
http://www.openwall.com/lists/oss-security/2026/05/22/9
https://access.redhat.com/security/cve/CVE-2026-44930
https://bugzilla.redhat.com/show_bug.cgi?id=2480728
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44930.json