Security Advisory

CVE-2024-54852

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-01-29 00:00:00

Last updated 2025-02-10 22:11:34

Assigner mitre

State PUBLISHED

Description

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.

← Browse all CVEs View on cve.org ↗