Vulnerabilities > Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-01 | CVE-2019-4297 | LDAP Injection vulnerability in IBM Robotic Process Automation With Automation Anywhere IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. | 5.4 |
| 2018-03-06 | CVE-2018-5730 | LDAP Injection vulnerability in multiple products MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. | 3.8 |
| 2018-02-19 | CVE-2016-8750 | LDAP Injection vulnerability in Apache Karaf Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. | 6.5 |
| 2018-02-01 | CVE-2011-4069 | LDAP Injection vulnerability in Packetfence html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username. | 9.8 |
| 2017-11-17 | CVE-2017-4927 | LDAP Injection vulnerability in VMWare Vcenter Server 6.0/6.5 VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service. | 7.5 |
| 2017-09-20 | CVE-2017-14596 | LDAP Injection vulnerability in Joomla Joomla! In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password. | 9.8 |
| 2017-09-06 | CVE-2015-7294 | LDAP Injection vulnerability in Ldapauth-Fork Project Ldapauth-Fork ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username. | 7.5 |
| 2017-05-05 | CVE-2017-8790 | LDAP Injection vulnerability in Accellion File Transfer Appliance 80540/911200/911210 An issue was discovered on Accellion FTA devices before FTA_9_12_180. | 9.8 |
| 2017-01-23 | CVE-2016-9870 | LDAP Injection vulnerability in EMC Isilon Onefs EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system. | 6.7 |
| 2017-01-12 | CVE-2016-9299 | LDAP Injection vulnerability in multiple products The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server. | 9.8 |