SYM_JAVA_0069 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
User input from an HttpServletRequest is being used directly in an LDAP query without proper sanitization. This allows attackers to inject malicious LDAP statements by manipulating request parameters.
Impact
If exploited, an attacker could modify, access, or delete sensitive records in the LDAP directory, potentially bypassing authentication, escalating privileges, or disrupting application functionality. This threatens data integrity and security across your system.