← Back

CVE-2015-5349

nvd nist
Published: Apr 11, 2016Modified: May 6, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.

Affected (27)

Apache
2 products
Ldap Studio
Directory Studio
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Ldap Studio
Version 0.6.0
Ldap Studio
Version 0.7.0
Ldap Studio
Version 0.8.0
Ldap Studio
Version 0.8.1
Configuration B
23 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Directory Studio
Version 1.0.0
Directory Studio
Version 1.0.1
Directory Studio
Version 1.1.0
Directory Studio
Version 1.1.0 rc1
Directory Studio
Version 1.1.0 rc2
Directory Studio
Version 1.2.0
Directory Studio
Version 1.2.0 rc1
Directory Studio
Version 1.3.0
Directory Studio
Version 1.3.0 rc1
Directory Studio
Version 1.4.0
Directory Studio
Version 1.5.0
Directory Studio
Version 1.5.1
Directory Studio
Version 1.5.2
Directory Studio
Version 1.5.3
Directory Studio
Version 2.0.0 milestone1
Directory Studio
Version 2.0.0 milestone2
Directory Studio
Version 2.0.0 milestone3
Directory Studio
Version 2.0.0 milestone4
Directory Studio
Version 2.0.0 milestone5
Directory Studio
Version 2.0.0 milestone6
Directory Studio
Version 2.0.0 milestone7
Directory Studio
Version 2.0.0 milestone8
Directory Studio
Version 2.0.0 milestone9

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (6)

Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.