Skip to main content

Improper Handling of Case Sensitivity

CVE-2024-38829

Severity Medium
Score 6.3/10

Summary

A VMware Tanzu Spring LDAP vulnerability allows potential data exposure during case-sensitive comparisons. This issue impacts Spring LDAP versions prior to 2.4.4, 3.0.x prior to 3.2.8. The vulnerability arises from the usage of "String.toLowerCase()" and "String.toUpperCase()," which have Locale-dependent exceptions. These exceptions can lead to unintended columns being queried.

  • HIGH
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-178 - Improper Handling of Case Sensitivity

The software does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

Advisory Timeline

  • Published