SYM_JAVA_0088 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
User-controlled or variable data is being directly inserted into LDAP queries without proper validation or sanitization. This allows attackers to manipulate LDAP statements by injecting malicious input.
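
The flagged pattern beside a hardened form, as an added example that is not part of this rule's own code or the Symbiotic project. The class and method names are hypothetical and the sample inputs are constructed; escaping follows the RFC 4515 rules for search-filter values.

```java
import java.nio.charset.StandardCharsets;

public class LdapFilterDemo {

    // Escape a value for use inside an LDAP search filter (RFC 4515):
    // '\', '*', '(', ')' and NUL become \XX; non-ASCII bytes are hex-escaped too.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == 0 || c > 0x7F) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    // Flagged pattern: user input concatenated straight into the filter text.
    static String unsafeFilter(String user) {
        return "(&(objectClass=person)(uid=" + user + "))";
    }

    // Hardened form: the value is escaped, so it stays a single assertion value.
    static String safeFilter(String user) {
        return "(&(objectClass=person)(uid=" + escapeFilterValue(user) + "))";
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a normal uid and two carrying filter metacharacters.
        String[] samples = { "alice", "*", "bob)(uid=*" };
        for (String s : samples) {
            System.out.println("input : " + s);
            System.out.println("unsafe: " + unsafeFilter(s));
            System.out.println("safe  : " + safeFilter(s));
        }
        // With JNDI, DirContext.search(name, filterExpr, filterArgs, controls)
        // with a "{0}" placeholder is another way to keep values out of the filter text.
    }
}
```

In the unsafe output the metacharacters change the structure of the filter, while in the safe output they appear as `\2a`, `\28` and `\29` inside a single `uid` assertion.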
Impact
If exploited, attackers could bypass authentication, access unauthorized data, or modify directory information. This can lead to data breaches, privilege escalation, or compromise of sensitive application resources.