CVE-2022-45801 in StreamParkinfo

Summary

by MITRE • 05/01/2023

Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL Injection. LDAP injection attacks could result in the granting of permissions to unauthorized queries, and content modification inside the LDAP tree. This risk may only occur when the user logs in with ldap, and the user name and password login will not be affected, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

11/23/2022

Disclosure

05/01/2023

Moderation

accepted

Entry

VDB-224866

CPE

ready

CWE

CWE-90 (confirmed)

CVSS

5.5 (VulDB)

EPSS

0.01379

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2022-45801
NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-45801
CVE Details	https://www.cvedetails.com/cve/CVE-2022-45801/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!