Vulnerabilities > Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-02-01 CVE-2023-51446 LDAP Injection vulnerability in Glpi-Project Glpi
GLPI is a Free Asset and IT Management Software package.
network
high complexity
glpi-project CWE-90
8.1
2023-12-18 CVE-2023-6905 LDAP Injection vulnerability in Nxfilter 4.3.2.5
A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5.
network
low complexity
nxfilter CWE-90
critical
9.8
2023-04-04 CVE-2023-28853 LDAP Injection vulnerability in Joinmastodon Mastodon
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication.
network
low complexity
joinmastodon CWE-90
6.5
2023-02-01 CVE-2022-4254 LDAP Injection vulnerability in multiple products
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
network
low complexity
fedoraproject redhat CWE-90
8.8
2021-06-01 CVE-2021-32651 LDAP Injection vulnerability in Onedev Project Onedev
OneDev is a development operations platform.
4.3
2019-07-01 CVE-2019-4297 LDAP Injection vulnerability in IBM Robotic Process Automation With Automation Anywhere
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection.
network
low complexity
ibm CWE-90
5.4
2018-03-06 CVE-2018-5730 LDAP Injection vulnerability in multiple products
MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.
network
low complexity
mit fedoraproject debian redhat CWE-90
3.8
2018-02-19 CVE-2016-8750 LDAP Injection vulnerability in Apache Karaf
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP.
network
low complexity
apache CWE-90
4.0
2018-02-01 CVE-2011-4069 LDAP Injection vulnerability in Packetfence
html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.
network
low complexity
packetfence CWE-90
7.5
2017-11-17 CVE-2017-4927 LDAP Injection vulnerability in VMWare Vcenter Server 6.0/6.5
VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.
network
low complexity
vmware CWE-90
5.0