PT-2016-3686 · Apache · Apache Ldap Studio+1

Muhammad Shahmeer Amir

Publicado

2016-04-11

Atualizado

2022-05-13

CVE-2015-5349

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache LDAP Studio and Apache Directory Studio versions prior to 2.0.0-M10

Description The issue concerns the CSV export functionality, which fails to properly escape field values. This could allow attackers to execute arbitrary commands by crafting a specific LDAP entry that is interpreted as a formula when imported into a spreadsheet.

Recommendations For versions prior to 2.0.0-M10, update to version 2.0.0-M10 or later to resolve the issue.

Correção

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

CVE-2015-5349

GHSA-P9QJ-4RJP-J3W9

Produtos afetados

Apache Directory Studio

Apache Ldap Studio

PT-2016-3686 · Apache · Apache Ldap Studio+1

CVE-2015-5349

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10