Lucene search

PRIOn knowledge basePRION:CVE-2007-6433

HistoryDec 18, 2007 - 8:46 p.m.

Design/Logic Flaw

2007-12-1820:46:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.2%

JSON

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

CPENameOperatorVersion
seamle2.0.0

CPE	Name	Operator	Version
	seam	le	2.0.0

References

jira.jboss.com/jira/browse/JBSEAM-2084

osvdb.org/42631

secunia.com/advisories/28077

sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866

www.redhat.com/support/errata/RHSA-2008-0151.html

www.redhat.com/support/errata/RHSA-2008-0158.html

www.redhat.com/support/errata/RHSA-2008-0213.html

www.securityfocus.com/bid/26850

www.vupen.com/english/advisories/2007/4215

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.2%

JSON

Related for PRION:CVE-2007-6433