LDAP Injection Vulnerability in IBM WebSphere Application Server - Liberty
CVE-2021-39031
7.5 HIGH
Key Information:
- Vendor: IBM
- CVE Published: 25 January 2022
Summary
IBM WebSphere Application Server - Liberty versions 17.0.0.3 through 22.0.0.1 are vulnerable to LDAP injection: a remote authenticated attacker can inject LDAP content via specially crafted requests. This could enable unauthorized access to sensitive resources, compromising the application’s security. Organizations running these versions should apply mitigations to prevent exploitation.
Affected Version(s)
WebSphere Application Server Liberty 17.0.0.3
WebSphere Application Server Liberty 22.0.0.1
CVSS V3.1
- Score: 7.5
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved