Lucene search

[email protected]CVE-2007-6433

HistoryDec 18, 2007 - 8:46 p.m.

CVE-2007-6433

2007-12-1820:46:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2007-6433

jboss seam

remote code injection

security vulnerability

nvd

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

CPENameOperatorVersion
jboss:seamjboss seamle2.0.0

CPE	Name	Operator	Version
jboss:seam	jboss seam	le	2.0.0

References

jira.jboss.com/jira/browse/JBSEAM-2084

osvdb.org/42631

secunia.com/advisories/28077

sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866

www.redhat.com/support/errata/RHSA-2008-0151.html

www.redhat.com/support/errata/RHSA-2008-0158.html

www.redhat.com/support/errata/RHSA-2008-0213.html

www.securityfocus.com/bid/26850

www.vupen.com/english/advisories/2007/4215

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for CVE-2007-6433

prion1 veracode1 redhat1 nessus2