How severe is CVE-2022-45910?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-45910?

This is classified as CWE-90, which is a common weakness in software security.

CVE-2022-45910 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions.

Related Vulnerabilities

CVE-2021-32651

MEDIUM

CVSS:4.3(Medium)

OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged...

CWE-902021

CVE-2019-4297

MEDIUM

CVSS:6.4(Medium)

IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit thi...

CWE-902019

CVE-2016-8750

MEDIUM

CVSS:6.5(Medium)

Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames properly and hence was vulnerable to LDAP injection attacks l...

CWE-902016

CVE-2020-5246

MEDIUM

CVSS:6.5(Medium)

Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. It occurs when user input is being used in LDAP search filter. By providing specially crafted input, an attacker can ...

CWE-902020

CVE-2023-28853

MEDIUM

CVSS:6.5(Medium)

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4...

CWE-902023

CVE-2024-27310

MEDIUM

CVSS:6.5(Medium)

Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP input.

CWE-902024