What is CVE-2022-31084?

CVE-2022-31084 is a critical-severity vulnerability in Ldapaccountmanager Lam, classified under Argument Injection. CVSS score: 9.0/10. Published 2022-06-27.

How severe is CVE-2022-31084?

Critical severity. CVSS v3 base score is 9.0 out of 10.

Vulnerability in Ldapaccountmanager Lam

CVE-2022-31084

LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker c…

EPSS: 0.016 (81.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.0 (Critical). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Ldapaccountmanager Lam — versions < 8.0

Weakness classification (CWE)

CWE-88 — Argument Injection

References

github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429df… (x_refsource_MISC)
github.com/LDAPAccountManager/lam/security/advisories/GHSA-r387-grjx-qgvw (x_refsource_CONFIRM)
DSA-5177 (vendor-advisory, x_refsource_DEBIAN)
swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-31084?: CVE-2022-31084 is a critical-severity vulnerability in Ldapaccountmanager Lam, classified under Argument Injection. CVSS score: 9.0/10. Published 2022-06-27.
How severe is CVE-2022-31084?: Critical severity. CVSS v3 base score is 9.0 out of 10.