Code injection

2021-03-1118:15:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.0%

JSON

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST transforming annotation such as @Grab.

CPENameOperatorVersion
experience_managerge14.1.0
experience_managerle14.2.2

CPE	Name	Operator	Version
	experience_manager	ge	14.1.0
	experience_manager	le	14.2.2

References

tvrbk.github.io/cve/2021/03/09/brXM.html