CVE-2025-27686

LOW Year: 2025
CVSS v3 Score
2.7
Low
Weakness Type
CWE-90
View all →

Vulnerability Description

Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.

Related Vulnerabilities

CVE-2018-5730

LOW
CVSS:3.8(Low)

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn...

CWE-902018

CVE-2021-32651

MEDIUM
CVSS:4.3(Medium)

OneDev is a development operations platform. If the LDAP external authentication mechanism is enabled in OneDev versions 4.4.1 and prior, an attacker can manipulate a user search filter to send forged...

CWE-902021

CVE-2011-4069

CRITICAL
CVSS:9.8(Critical)

html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.

CWE-902011

CVE-2015-10027

CRITICAL
CVSS:9.8(Critical)

A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulatio...

CWE-902015

CVE-2016-9299

CRITICAL
CVSS:9.8(Critical)

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party s...

CWE-902016

CVE-2017-14596

CRITICAL
CVSS:9.8(Critical)

In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication plugin can result in a disclosure of a username and password.

CWE-902017