Home > Vulnerability Database > CVE-2022-45801

Mend.io Vulnerability Database

CVE-2022-45801

Date: May 1, 2023

Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL Injection. LDAP injection attacks could result in the granting of permissions to unauthorized queries, and content modification inside the LDAP tree. This risk may only occur when the user logs in with ldap, and the user name and password login will not be affected, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.

Language: TYPE_SCRIPT

Severity Score

5.4

Related Resources (4)

Url: https://lists.apache.org/thread/xbkwwpkp3n2rs2wcxg8l26mhsftxwwr9

Url: https://github.com/apache/incubator-streampark

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-45801

Url: https://www.mend.io/vulnerability-database/CVE-2022-45801

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-45801

Date: May 1, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?