LDAP injection in ManifoldCF - CVE-2022-45910


Published: December 6, 2022


Vulnerability identifier: #VU69964
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-45910
CWE-ID: CWE-90
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
ManifoldCF
Software vendor:
Apache Foundation

Description

The vulnerability allows a remote user to manipulate queries and escalate privileges within the application.

The vulnerability exists due to improper input validation when processing LDAP queries within the ActiveDirectory and SharePoint ActiveDirectory authority connectors. A remote user can send a specially crafted LDAP query to the application and bypass implemented security restrictions or escalate privileges within the application.
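The weakness class cited above (CWE-90) is an LDAP search filter built by concatenating a user-controlled value, so filter metacharacters in that value change the structure of the query. The following is an added example written for this advisory, not ManifoldCF's own code: it shows the raw-concatenation pattern next to the corrected form, which escapes assertion values with the RFC 4515 rules before they reach the filter, plus a structural check and a simple detection helper. The filter shape, attribute names and sample inputs are constructed for illustration and are not taken from the affected connectors.

```python
"""RFC 4515 assertion-value escaping as the mitigation for LDAP filter injection.

Added example, not ManifoldCF code. The filter template and the sample user
names below are constructed for illustration only.
"""

# RFC 4515 section 3: these characters must be escaped inside an assertion
# value as a backslash followed by two hex digits.
_ESCAPE_MAP = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Characters whose presence in an identity attribute is worth alerting on.
_FILTER_METACHARS = frozenset(_ESCAPE_MAP)


def escape_filter_value(value: str) -> str:
    """Escape a value so it can only ever match as data, never alter the filter."""
    return "".join(_ESCAPE_MAP.get(ch, ch) for ch in value)


def build_user_filter_unsafe(username: str) -> str:
    """The 'before' pattern: the CWE-90 sink. Kept only for comparison."""
    return f"(&(objectClass=user)(sAMAccountName={username}))"


def build_user_filter_safe(username: str) -> str:
    """The corrected pattern: the value is escaped before interpolation."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(username)}))"


def assertion_count(ldap_filter: str) -> int:
    """Count the filter components by literal '(' characters.

    Escaped values contain no literal parentheses (they become \\28 and \\29),
    so for the template above a well-formed result always yields exactly 3:
    the outer AND plus two assertions. Any other count means user input
    changed the filter's structure.
    """
    return ldap_filter.count("(")


def contains_filter_metachars(value: str) -> bool:
    """Detection helper: flag identity values carrying filter metacharacters.

    Useful for logging or alerting at the authentication boundary; it is not a
    substitute for escaping, because legitimate names may contain these too.
    """
    return any(ch in _FILTER_METACHARS for ch in value)


if __name__ == "__main__":
    # Constructed inputs: a normal account name and a malformed one.
    for name in ("jdoe", "*)(objectClass=*"):
        unsafe = build_user_filter_unsafe(name)
        safe = build_user_filter_safe(name)
        print(f"input={name!r} metachars={contains_filter_metachars(name)}")
        print(f"  unsafe: {unsafe}  components={assertion_count(unsafe)}")
        print(f"  safe:   {safe}  components={assertion_count(safe)}")
```

Two caveats for anyone applying this pattern. First, RFC 4515 escaping is for assertion values inside a filter only; values placed into a distinguished name follow the different RFC 4514 rules, and mixing the two leaves gaps. Second, prefer the LDAP library's own parameterisation where it exists, for example JNDI's `DirContext.search(name, filterExpr, filterArgs, controls)` with `{0}`-style placeholders on the Java side, rather than hand-rolling the escaping shown here.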


Remediation

Install updates from the vendor's website.

External links