In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
References
Link | Resource |
---|---|
https://bugs.openldap.org/show_bug.cgi?id=9815 | Exploit Issue Tracking Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/05/msg00032.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220609-0007/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5140 | Third Party Advisory |
History
06 Oct 2022, 15:56
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220609-0007/ - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5140 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/05/msg00032.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* |
|
First Time | Netapp h700e Firmware Netapp h500s Netapp h410s Firmware Debian Netapp h700s Netapp h300s Netapp h700e Netapp h410c Netapp h410c Firmware Debian debian Linux Netapp Netapp h300s Firmware Netapp h700s Firmware Netapp h410s Netapp h500s Firmware |
09 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 May 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 May 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 May 2022, 19:22
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 7.5 v3 : 9.8 |
CPE | cpe:2.3:a:openldap:openldap:*:*:*:*:*:*:*:* | |
CWE | CWE-89 | |
References | (MISC) https://bugs.openldap.org/show_bug.cgi?id=9815 - Exploit, Issue Tracking, Vendor Advisory | |
First Time | Openldap openldap Openldap |
04 May 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-04 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-29155
Mitre link : CVE-2022-29155
CVE.ORG link : CVE-2022-29155
Products Affected
netapp
- h500s_firmware
- h300s_firmware
- h410c
- h410s_firmware
- h700e
- h700s
- h700s_firmware
- h410c_firmware
- h700e_firmware
- h500s
- h410s
- h300s
openldap
- openldap
debian
- debian_linux
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')