PT-2022-3277 · Unknown · Ldap Account Manager

Arseniy Sharoglazov · Published 2022-06-27 · Updated 2022-10-28 · CVE-2022-31084

CVSS v3.1: 9.3 (Critical)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: LDAP Account Manager versions prior to 8.0
Description: LDAP Account Manager instantiates objects from arbitrary classes, and an attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes that execute code during object creation are instantiated.
Recommendations: For versions prior to 8.0, update to version 8.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functionality until the update is applied.
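To illustrate the weakness class the description refers to, here is an added example (hypothetical PHP, not LAM's code) of a request-controlled class name with a request-controlled first constructor argument, next to a version that maps the request value onto a fixed set of known classes; the module, interface and parameter names are assumptions.

```php
<?php
// Added example, not LAM's code. Class, interface and request keys are hypothetical.

interface ModuleInterface { public function name(): string; }

final class PosixModule implements ModuleInterface {
    public function __construct(private string $value) {}
    public function name(): string { return 'posix:' . $this->value; }
}

final class ShadowModule implements ModuleInterface {
    public function __construct(private string $value) {}
    public function name(): string { return 'shadow:' . $this->value; }
}

// Weak pattern: any loadable class can be instantiated, with an attacker-controlled
// first argument, so classes whose __construct has side effects become reachable.
function buildModuleUnsafe(array $request): object
{
    $class = $request['module'];   // class name taken from the request
    $arg   = $request['value'];    // first constructor argument taken from the request
    return new $class($arg);
}

// Hardened pattern: resolve the request value through an explicit allowlist and
// reject anything else before any object is created.
const MODULE_CLASSES = [
    'posix'  => PosixModule::class,
    'shadow' => ShadowModule::class,
];

function buildModuleSafe(array $request): ModuleInterface
{
    $key = (string) ($request['module'] ?? '');
    if (!array_key_exists($key, MODULE_CLASSES)) {
        throw new InvalidArgumentException('unknown module');
    }
    $class = MODULE_CLASSES[$key];
    // Defence in depth: the resolved class must still be one of our module classes.
    if (!is_subclass_of($class, ModuleInterface::class)) {
        throw new RuntimeException('not a module class');
    }
    return new $class((string) ($request['value'] ?? ''));
}

echo buildModuleSafe(['module' => 'posix', 'value' => 'uid'])->name(), PHP_EOL;
```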

Exploit

Fix

Argument Injection


Weakness Enumeration

Related Identifiers

BDU:2022-04001
CVE-2022-31084
DSA-5177-1
GHSA-R387-GRJX-QGVW

Affected Products

Ldap Account Manager