Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-917
Total 142 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-9296 1 Netflix 1 Conductor 2021-07-21 7.5 HIGH 9.8 CRITICAL
Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.
CVE-2018-16621 1 Sonatype 1 Nexus Repository Manager 2021-03-04 6.5 MEDIUM 7.2 HIGH
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
CVE-2020-7141 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7142 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7143 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7145 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7144 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7146 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7147 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7148 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7149 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7150 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7151 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7152 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7153 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7154 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7155 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7156 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7157 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-7158 1 Hp 1 Intelligent Management Center 2020-10-21 10.0 HIGH 9.8 CRITICAL
A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).