OpenLDAP.back-sql.LDAP.Search.SQL.Injection
Description
This indicates an attack attempt to exploit an SQL Injection Vulnerability in OpenLDAP Foundation OpenLDAP.
The vulnerability is due to improper input validation in LDAP search requests. A remote attacker can exploit the vulnerability by sending a crafted query to the target OpenLDAP server. Successful exploitation could result in the arbitrary SQL command execution under the security context of the LDAP database user.
Affected Products
OpenLDAP Foundation OpenLDAP 2.x prior 2.5.12
OpenLDAP Foundation OpenLDAP 2.6.x prior 2.6.2
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://bugs.openldap.org/show_bug.cgi?id=9815
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |