Total
176 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31805 | 1 Apache | 1 Struts | 2024-11-21 | 9.8 Critical |
| The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation. | ||||
| CVE-2021-28170 | 4 Eclipse, Oracle, Quarkus and 1 more | 12 Jakarta Expression Language, Communications Cloud Native Core Policy, Weblogic Server and 9 more | 2024-11-21 | 5.3 Medium |
| In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | ||||
| CVE-2020-9297 | 1 Netflix | 1 Titus | 2024-11-21 | 9.8 Critical |
| Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code. | ||||
| CVE-2020-9296 | 1 Netflix | 1 Conductor | 2024-11-21 | 9.8 Critical |
| Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code. | ||||
| CVE-2020-7799 | 1 Fusionauth | 1 Fusionauth | 2024-11-21 | 7.2 High |
| An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates. | ||||
| CVE-2020-7195 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7194 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7193 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7192 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7191 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7190 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7189 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7188 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7187 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7186 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7185 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7184 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7183 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7182 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-7181 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 8.8 High |
| A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||