PT-2016-3686 · Apache · Apache Ldap Studio+1

Muhammad Shahmeer Amir · Published 2016-04-11 · Updated 2022-05-13 · CVE-2015-5349

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Apache LDAP Studio and Apache Directory Studio versions prior to 2.0.0-M10

Description: The issue concerns the CSV export functionality, which fails to properly escape field values. This could allow attackers to execute arbitrary commands by crafting a specific LDAP entry that is interpreted as a formula when imported into a spreadsheet.

Recommendations: For versions prior to 2.0.0-M10, update to version 2.0.0-M10 or later to resolve the issue.
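
A defensive sketch of the field escaping the description says was missing, added here as an example and not taken from Apache Directory Studio or its 2.0.0-M10 fix. The single-quote prefix, the `|` join for multi-valued attributes, the function names and the sample entries are assumptions made for illustration.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

def neutralize_cell(value: str) -> str:
    """Prefix a single quote so a spreadsheet displays the value as text."""
    if value.startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value

def export_entries_csv(entries, attributes):
    """Export LDAP-style entries (attribute -> list of values) as CSV text."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["dn"] + attributes)
    for entry in entries:
        row = [neutralize_cell(entry["dn"])]
        for attr in attributes:
            # Assumption: multi-valued attributes share one cell, joined by "|".
            # The joined cell is what the spreadsheet parses, so escape that.
            row.append(neutralize_cell("|".join(entry.get(attr, []))))
        writer.writerow(row)
    return buf.getvalue()

def find_formula_cells(csv_text):
    """Audit an existing export: (row, column) of cells that would be evaluated."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if cell.startswith(FORMULA_TRIGGERS):
                hits.append((r, c))
    return hits

# Constructed sample entries; "=1+1" is a harmless stand-in for a formula value.
SAMPLE_ENTRIES = [
    {"dn": "cn=alice,ou=people,dc=example,dc=org", "cn": ["alice"], "description": ["staff"]},
    {"dn": "cn=bob,ou=people,dc=example,dc=org", "cn": ["bob"], "description": ["=1+1"]},
    {"dn": "cn=carol,ou=people,dc=example,dc=org", "cn": ["carol"], "description": ["@home", "x"]},
]

if __name__ == "__main__":
    exported = export_entries_csv(SAMPLE_ENTRIES, ["cn", "description"])
    print(exported)
    print("formula cells after escaping:", find_formula_cells(exported))
```

`find_formula_cells` can also be run over CSV files produced by an unpatched version before they are opened in a spreadsheet.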

Fix

Command Injection


Weakness Enumeration

Related Identifiers

CVE-2015-5349
GHSA-P9QJ-4RJP-J3W9

Affected Products

Apache Directory Studio
Apache Ldap Studio