CVE-2023-6905

Name of the Vulnerable Software and Affected Versions Jahastech NxFilter version 4.3.2.5

Description A problematic issue has been found in the Bind Request Handler component, affecting the processing of the file user,adap.jsp?actionFlag=test&id=1. This leads to ldap injection and can be initiated remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For Jahastech NxFilter version 4.3.2.5, as a temporary workaround, consider restricting access to the user,adap.jsp file until a patch is available. Additionally, avoid using the id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.