How severe is CVE-2015-10027?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2015-10027?

This is classified as CWE-90, which is a common weakness in software security.

CVE-2015-10027 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The patch is identified as a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability.

Related Vulnerabilities

CVE-2011-4069

CRITICAL

CVSS:9.8(Critical)

html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.

CWE-902011

CVE-2016-9299

CRITICAL

CVSS:9.8(Critical)

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party s...

CWE-902016

CVE-2017-14596

CRITICAL

CVSS:9.8(Critical)

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

CWE-902017

CVE-2017-8790

CRITICAL

CVSS:9.8(Critical)

An issue was discovered on Accellion FTA devices before FTA_9_12_180. The home/seos/courier/ldaptest.html POST parameter "filter" can be used for LDAP Injection.

CWE-902017

CVE-2021-43350

CRITICAL

CVSS:9.8(Critical)

An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LD...

CWE-902021

CVE-2023-6905

CRITICAL

CVSS:9.8(Critical)

A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5. This issue affects some unknown processing of the file user,adap.jsp?actionFlag=test&id=1 of the com...

CWE-902023