Описание
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
A vulnerability was found in the openldap-servers package. A SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This issue occurs during an LDAP search operation when the search filter is processed due to a lack of proper escaping.
Отчет
Red Hat Enterprise Linux 8 and 9 are not affected as we have not shipped the OpenLDAP-servers package.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | compat-openldap | Out of support scope | ||
| Red Hat Enterprise Linux 6 | openldap | Out of support scope | ||
| Red Hat Enterprise Linux 7 | compat-openldap | Out of support scope | ||
| Red Hat Enterprise Linux 7 | openldap | Out of support scope | ||
| Red Hat Enterprise Linux 8 | openldap | Not affected | ||
| Red Hat Enterprise Linux 9 | openldap | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection ...
EPSS
6.5 Medium
CVSS3