Detected input from an HttpServletRequest going into an LDAP query. This could lead to LDAP injection if the input is not properly sanitized, which could result in attackers modifying objects in the LDAP tree structure. Ensure that data passed to an LDAP query is not user-controllable, or properly sanitize the data.

Likelihood: HIGH
Confidence: MEDIUM
CWE:
- CWE-90: Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’)
OWASP:
- A01:2017 - Injection
- A03:2021 - Injection