the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew  

Security Vulnerabilities Related To CWE-90

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-32651 90 2021-06-01 2021-06-16
None Remote Medium Not required Partial None None
OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged queries to the application and explore the LDAP tree using Blind LDAP Injection techniques. The specific payload depends on how the User Search Filter property is configured in OneDev. This issue was fixed in version 4.4.2.
2 CVE-2019-4297 90 2019-07-01 2019-10-09
None Remote Low ??? Partial Partial None
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability to make unauthorized queries or modify the LDAP content. IBM X-Force ID: 160761.
3 CVE-2018-5730 90 2018-03-06 2021-09-30
None Remote Low ??? Partial Partial None
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
4 CVE-2017-14596 90 2017-09-20 2017-09-27
None Remote Low Not required Partial None None
In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.
5 CVE-2017-8790 90 2017-05-05 2017-05-17
None Remote Low Not required Partial Partial Partial
An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.
6 CVE-2017-4927 90 DoS 2017-11-17 2017-12-04
None Remote Low Not required None None Partial
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
7 CVE-2016-9870 90 2017-01-23 2017-01-24
None Local Low Not required Complete Complete Complete
EMC Isilon OneFS, EMC Isilon OneFS -, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS -, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.
8 CVE-2016-9299 90 Exec Code 2017-01-12 2019-05-22
None Remote Low Not required Partial Partial Partial
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
9 CVE-2016-8750 90 DoS 2018-02-19 2019-04-26
None Remote Low ??? None None Partial
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks leading to a denial of service.
10 CVE-2015-7294 90 2017-09-06 2020-03-09
None Remote Low Not required Partial None None
ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.
11 CVE-2011-4069 90 Bypass 2018-02-01 2018-02-21
None Remote Low Not required Partial Partial Partial
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.
Total number of vulnerabilities : 11   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.