CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-33868

CVSS 9.8v3.1pub. 2024-05-14upd. 2025-04-28

An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.

🤖 AI Analysis
How it works

LDAP injection (CWE-90) occurs when user-supplied input is not properly filtered or escaped before being included in LDAP queries. An attacker can craft malicious input that modifies the logic of the LDAP query sent by the application to the directory server. As a result, it is possible to bypass authentication mechanisms, gain access to unauthorized resources, or read sensitive data from the LDAP directory. The attack vector is network-based, requires no authentication or user interaction.

Impact

An attacker can gain unauthorized access to sensitive data stored in the LDAP directory, bypass authentication mechanisms, and potentially modify data or compromise system integrity and availability (CVSS C:H/I:H/A:H).

Mitigation & patch

The Linqi application should be updated to version 1.4.0.1 or newer. Detailed information about the security update is available in the manufacturer's documentation at https://linqi.help/Updates/en#/SecurityUpdates.

Who is affected

Linqi application in versions before 1.4.0.1 running on Microsoft Windows system.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linqi

    APP
    Linqi
    < 1.4.0.1
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit