An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary…
An attacker can retrieve arbitrary certificates from the LDAP Certificate repository in the Apache CXF XKMS server due to an LDAP injection vulnerability. This can lead to sensitive data exposure and server compromise. The attacker can exploit this vulnerability by sending a crafted LDAP request.
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue.
Apache CXF users with the XKMS server enabled are at critical risk of sensitive data exposure and server compromise due to LDAP injection attacks.
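The underlying bug class is a search filter assembled from caller-supplied text. The following is an added illustration, not Apache CXF code: it escapes a value per RFC 4515 before placing it in a filter for a certificate lookup, and counts unescaped parentheses to show that the escaped version keeps the filter's structure fixed no matter what the input contains. The `pkiUser` object class, the `cn` attribute and the sample subject names are assumed for the example.

```python
# Added example (not Apache CXF / XKMS code). Builds an LDAP search filter
# for a certificate lookup with the caller-supplied value escaped as RFC 4515
# requires, and contrasts it with plain string concatenation.

# RFC 4515 section 3: these characters must be encoded as \XX inside an
# assertion value so they cannot be read as filter syntax.
_LDAP_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\0": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_cert_filter(subject_cn: str) -> str:
    """Hardened form: the CN is data only; the filter always has one 'and'
    of two equality matches, whatever the caller passes in."""
    return f"(&(objectClass=pkiUser)(cn={escape_filter_value(subject_cn)}))"


def build_cert_filter_unsafe(subject_cn: str) -> str:
    """What an LDAP injection bug boils down to: raw concatenation, so
    filter metacharacters in the input become part of the filter syntax."""
    return f"(&(objectClass=pkiUser)(cn={subject_cn}))"


def count_unescaped(filter_str: str, ch: str) -> int:
    """Count occurrences of ch that are not part of a \\XX escape sequence.
    Used here as a simple structural check on a built filter."""
    n, i = 0, 0
    while i < len(filter_str):
        if filter_str[i] == "\\":
            i += 3  # skip the escape sequence: backslash plus two hex digits
            continue
        if filter_str[i] == ch:
            n += 1
        i += 1
    return n


if __name__ == "__main__":
    # Constructed sample: a subject name that legitimately contains parentheses.
    name = "Alice Example (Example Corp)"
    print(build_cert_filter(name))          # structure unchanged, 3 '(' total
    print(build_cert_filter_unsafe(name))   # parentheses now alter the filter
```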
Immediate Action Required
This vulnerability is critical and can be exploited with high impact.
What should I do?
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: 3
References: 2
Affected product: apache / cxf
| apache | cxf | - | - |