CVE-2015-5349

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
apacheldap_studio
0.6.0
apacheldap_studio
0.7.0
apacheldap_studio
0.8.0
apacheldap_studio
0.8.1
apachedirectory_studio
1.0.0
apachedirectory_studio
1.0.1
apachedirectory_studio
1.1.0
apachedirectory_studio
1.1.0:rc1
apachedirectory_studio
1.1.0:rc2
apachedirectory_studio
1.2.0
apachedirectory_studio
1.2.0:rc1
apachedirectory_studio
1.3.0
apachedirectory_studio
1.3.0:rc1
apachedirectory_studio
1.4.0
apachedirectory_studio
1.5.0
apachedirectory_studio
1.5.1
apachedirectory_studio
1.5.2
apachedirectory_studio
1.5.3
apachedirectory_studio
2.0.0:milestone1
apachedirectory_studio
2.0.0:milestone2
apachedirectory_studio
2.0.0:milestone3
apachedirectory_studio
2.0.0:milestone4
apachedirectory_studio
2.0.0:milestone5
apachedirectory_studio
2.0.0:milestone6
apachedirectory_studio
2.0.0:milestone7
apachedirectory_studio
2.0.0:milestone8
apachedirectory_studio
2.0.0:milestone9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apache-directory-server
bullseye
2.0.0~M24-4
fixed
bookworm
2.0.0~M26-1
fixed
sid
2.0.0~M26-5
fixed
trixie
2.0.0~M26-5
fixed
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/537225/100/0/threaded
https://directory.apache.org/studio/news.html
https://lists.apache.org/thread.html/reb5443aaf781b364896ee9d7cf6e97fdc4f5a5174132c319252963b6%40%3Ccommits.directory.apache.org%3E
http://www.securityfocus.com/archive/1/537225/100/0/threaded
https://directory.apache.org/studio/news.html
https://lists.apache.org/thread.html/reb5443aaf781b364896ee9d7cf6e97fdc4f5a5174132c319252963b6%40%3Ccommits.directory.apache.org%3E