CVE-2024-56841

CRITICAL Year: 2024
CVSS v3 Score: 7.4 (High)

Vulnerability Description

A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification.

CVSS: 7.5 (High)

ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.

CWE-90 2015
CVSS: 7.5 (High)

VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) does not correctly handle specially crafted LDAP network packets which may allow for remote denial of service.

CWE-90 2017
CVSS: 7.5 (High)

In Perun before version 3.9.1, a VO or group manager can modify the configuration of the LDAP extSource to retrieve all from Perun LDAP. The issue is fixed in version 3.9.1 by sanitisation of the input.

CWE-90 2020
CVSS: 7.5 (High)

NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.

CWE-90 2023
CVSS: 6.7 (Medium)

EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x are affected by an LDAP injection vulnerability...

CWE-90 2016
CVSS: 6.5 (Medium)

Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encode usernames properly and hence was vulnerable to LDAP injection attacks l...

CWE-90 2016