Executive Summary

Informations
Name CVE-2022-45801 First vendor Publication 2023-05-01
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Overall CVSS Score 5.4
Base Score 5.4 Environmental Score 5.4
impact SubScore 2.5 Temporal Score 5.4
Exploitabality Sub Score 2.8
 
Attack Vector Network Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact Low
Integrity Impact Low Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL Injection. LDAP injection attacks could result in the granting of permissions to unauthorized queries, and content modification inside the LDAP tree. This risk may only occur when the user logs in with ldap, and the user name and password login will not be affected, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45801

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Sources (Detail)

https://lists.apache.org/thread/xbkwwpkp3n2rs2wcxg8l26mhsftxwwr9
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2024-11-28 14:17:27
  • Multiple Updates
2023-05-10 00:27:21
  • Multiple Updates
2023-05-02 00:27:15
  • Multiple Updates
2023-05-01 21:27:15
  • First insertion