CVE-2022-31084 : LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP d

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0.

Published 2022-06-27 21:15:08

Updated 2022-10-28 19:19:46

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2022-31084

Probability of exploitation activity in the next 30 days: 0.64%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-31084

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.0	CRITICAL	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H	2.2	6.0	GitHub, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High
8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	2.2	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-31084

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

Assigned by: security-advisories@github.com (Primary)

References for CVE-2022-31084

https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-r387-grjx-qgvw

Unauthenticated Arbitrary Object Instantiation / Unauthenticated Remote Code Execution · Advisory · LDAPAccountManager/lam · GitHub
Third Party Advisory
https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/

Exploiting Arbitrary Object Instantiations in PHP without Custom Classes – PT SWARM
Exploit;Third Party Advisory
https://www.debian.org/security/2022/dsa-5177

Debian -- Security Information -- DSA-5177-1 ldap-account-manager
Third Party Advisory

CVEs referencing this url
https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4

Merge pull request from GHSA-r387-grjx-qgvw · LDAPAccountManager/lam@f1d5d04 · GitHub
Patch;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2022-31084

Debian » Debian Linux » Version: 11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Matching versions
Ldap-account-manager » Ldap Account Manager
Versions before (<) 8.0
cpe:2.3:a:ldap-account-manager:ldap_account_manager:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-31084

Exploit prediction scoring system (EPSS) score for CVE-2022-31084

CVSS scores for CVE-2022-31084

CWE ids for CVE-2022-31084

References for CVE-2022-31084

Products affected by CVE-2022-31084