Base Score

HIGH7.8

CVE-2015-5349

The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.

VectorLOCAL

Published Bysecalert@redhat.com

Published DateApr 11, 2016, 21:59

Affected Versions(1)

org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.core(Maven)

Introduced0

Fixed2.0.0.v20151221-M10

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.core(Maven)	0	2.0.0.v20151221-M10	N/A

Weakness Type (CWE):CWE-77

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

HIGH7.8

Weakness Type (CWE):CWE-77

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH