Lucene search

[email protected]NVD:CVE-2022-45801

HistoryMay 01, 2023 - 3:15 p.m.

CVE-2022-45801

2023-05-0115:15:08

CWE-74

[email protected]

web.nvd.nist.gov

apache streampark

ldap injection

web applications

user input

sql injection

permissions

content modification

upgrade

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

29.8%

JSON

Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.
LDAP Injection is an attack used to exploit web based applications
that construct LDAP statements based on user input. When an
application fails to properly sanitize user input, it’s possible to
modify LDAP statements through techniques similar to SQL Injection.
LDAP injection attacks could result in the granting of permissions to
unauthorized queries, and content modification inside the LDAP tree.
This risk may only occur when the user logs in with ldap, and the user
name and password login will not be affected, Users of the affected
versions should upgrade to Apache StreamPark 2.0.0 or later.

Affected configurations

Nvd

Node

apachestreamparkRange1.0.0–2.0.0

VendorProductVersionCPE
apachestreampark*cpe:2.3:a:apache:streampark:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	streampark	*	cpe:2.3:a:apache:streampark::::::::

References

lists.apache.org/thread/xbkwwpkp3n2rs2wcxg8l26mhsftxwwr9

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

29.8%

JSON

Related for NVD:CVE-2022-45801

prion1 cve1 github1 osv1 cvelist1