Total
168 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-26565 | 1 Objectplanet | 1 Opinio | 2024-08-04 | 7.5 High |
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data. | ||||
CVE-2020-24650 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | 9.8 Critical |
A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
CVE-2020-24651 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | 9.8 Critical |
A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
CVE-2020-24652 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | 9.8 Critical |
An addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
CVE-2020-17530 | 2 Apache, Oracle | 8 Struts, Business Intelligence, Communications Diameter Intelligence Hub and 5 more | 2024-08-04 | 9.8 Critical |
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25. | ||||
CVE-2020-15143 | 1 Sylius | 1 Syliusresourcebundle | 2024-08-04 | 7.7 High |
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched. | ||||
CVE-2020-15146 | 1 Sylius | 1 Syliusresourcebundle | 2024-08-04 | 9.6 Critical |
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. This issue has been patched for versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4. Versions prior to 1.3 were not patched. | ||||
CVE-2020-10199 | 1 Sonatype | 1 Nexus | 2024-08-04 | 8.8 High |
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | ||||
CVE-2020-9296 | 1 Netflix | 1 Conductor | 2024-08-04 | 9.8 Critical |
Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code. | ||||
CVE-2020-9297 | 1 Netflix | 1 Titus | 2024-08-04 | 9.8 Critical |
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code. | ||||
CVE-2020-7799 | 1 Fusionauth | 1 Fusionauth | 2024-08-04 | 7.2 High |
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates. | ||||
CVE-2020-7191 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | 8.8 High |
A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
CVE-2020-7192 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | 8.8 High |
A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
CVE-2020-7187 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | 8.8 High |
A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
CVE-2020-7185 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | 8.8 High |
A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
CVE-2020-7184 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | 8.8 High |
A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
CVE-2020-7195 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | 8.8 High |
An iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
CVE-2020-7189 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | 8.8 High |
A faultflasheventselectfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
CVE-2020-7175 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | 8.8 High |
An iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
CVE-2020-7180 | 1 Hp | 1 Intelligent Management Center | 2024-08-04 | 8.8 High |
An ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). |