CVE-2019-11277

CVSS v3 Score: 8.4 (High)
CVSS v2 Score: 5.5 (Medium)

Vulnerability Description

Cloud Foundry NFS Volume Service, 1.7.x versions prior to 1.7.11 and 2.x versions prior to 2.3.0, is vulnerable to LDAP injection. A remote authenticated malicious space developer can potentially inject LDAP filters via service instance creation, facilitating the malicious space developer to deny service or perform a dictionary attack.

CVSS:8.8(High)

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

CWE-90, 2022
CVSS:7.5(High)

ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.

CWE-90, 2015
CVSS:7.5(High)

VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.

CWE-90, 2017
CVSS:7.5(High)

In Perun before version 3.9.1, VO or group manager can modify configuration of the LDAP extSource to retrieve all from Perun LDAP. Issue is fixed in version 3.9.1 by sanitisation of the input.

CWE-90, 2020
CVSS:7.5(High)

NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.

CWE-90, 2023
CVSS:7.4(High)

A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to byp...

CWE-90, 2024