Lucene search

[email protected]NVD:CVE-2007-6433

HistoryDec 18, 2007 - 8:46 p.m.

CVE-2007-6433

2007-12-1820:46:00

CWE-20

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

Affected configurations

NVD

Node

jbossseamRange≤2.0.0cr2

References

jira.jboss.com/jira/browse/JBSEAM-2084

osvdb.org/42631

secunia.com/advisories/28077

sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866

www.redhat.com/support/errata/RHSA-2008-0151.html

www.redhat.com/support/errata/RHSA-2008-0158.html

www.redhat.com/support/errata/RHSA-2008-0213.html

www.securityfocus.com/bid/26850

www.vupen.com/english/advisories/2007/4215

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

Related for NVD:CVE-2007-6433

veracode1 cve1 cvelist1 prion1 nessus2 redhat1