CVE-2022-45801

CWE-74 | 4 documents | 4 sources
Severity: 5.4 MEDIUM
EPSS: 0.1% (top 73.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 1

Description

Apache StreamPark 1.0.0 to 2.0.0 have an LDAP injection vulnerability. LDAP Injection is an attack used to exploit web-based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL Injection. LDAP injection attacks could result in the granting of permissions to unauthorized queries, and content modification inside the LDAP tree. This risk may only occur whe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (3 packages)

NVD | apache/streampark | 1.0.0 | 2.0.0
Maven | org.apache.streampark:streampark | 1.0.0 | 2.0.0

Vulnerability Details (3)

CVEList | Apache StreamPark (incubating): LDAP Injection Vulnerability | 2023-05-01
GHSA | Apache StreamPark LDAP Injection vulnerability | 2023-05-01
OSV | Apache StreamPark LDAP Injection vulnerability | 2023-05-01
CVE-2022-45801 (MEDIUM CVSS 5.4) | Apache StreamPark 1.0.0 to 2.0.0 ha | cvebase.io