Pega Platform LDAP Injection Vulnerability - CVE-2019-16374 - Vulnerability Database

Pega Platform LDAP Injection Vulnerability - CVE-2019-16374

Medium

Reference: CVE-2019-16374

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-16374

Title: Pega Platform LDAP Injection Vulnerability

Overview:

Pega Platform 8.2.1 allows LDAP injection because a username can contain a character and can be of unlimited length. An attacker can specify four characters of a username followed by the character to bypass access control.