Total
154 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-22963 | 2 Oracle, Vmware | 28 Banking Branch, Banking Cash Management, Banking Corporate Lending Process Management and 25 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | |||||
CVE-2021-45046 | 6 Apache, Debian, Fedoraproject and 3 more | 61 Log4j, Debian Linux, Fedora and 58 more | 2023-12-10 | 5.1 MEDIUM | 9.0 CRITICAL |
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. | |||||
CVE-2021-32834 | 1 Eclipse | 1 Keti | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063. | |||||
CVE-2020-26565 | 1 Objectplanet | 1 Opinio | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data. | |||||
CVE-2021-28170 | 3 Eclipse, Oracle, Quarkus | 4 Jakarta Expression Language, Communications Cloud Native Core Policy, Weblogic Server and 1 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | |||||
CVE-2021-26084 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | |||||
CVE-2020-7155 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7151 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7180 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7195 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7162 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7190 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7173 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7148 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7141 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7176 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7185 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7191 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7177 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-7178 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |