1085 matches found
CVE-2020-7150
HPE Intelligent Management Center (iMC) before PLAT 7.3 (E0705P07) is affected by CVE-2020-7150, a faultStatChooseFaultType expression language injection leading to remote code execution. The vulnerability resides in how the beanName parameter is handled in the faultStatChooseFaultType.xhtml endp...
CVE-2020-7149
An ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-7147
A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-7145
A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-7144
A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-7142
The CVE-2020-7142 issue affects Hewlett Packard Enterprise Intelligent Management Center (iMC) before PLAT 7.3 (E0705P07). A vulnerability in the eventInfo_content.xhtml endpoint allows expression-language injection in the eventinfo_content parameter, enabling remote code execution. Affected comp...
CVE-2020-7141
An adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...
CVE-2020-7141
Vulnerability: HPE Intelligent Management Center (iMC) prior to 7.3 (E0705P07) is affected by a remote code execution through adddevicetoview Expression Language Injection. Root cause (per ZDI): improper handling/validation of the beanName parameter in addDeviceToView.xhtml, enabling arbitrary co...
CVE-2020-24651
HPE Intelligent Management Center (iMC) before PLAT 7.3 (E0705P07) is affected by CVE-2020-24651. The issue is a syslogTempletSelectWin expression language injection in the SyslogTempletSelectWin.xhtml endpoint, enabling remote code execution with SYSTEM privileges. Exploitation details indicate ...
CVE-2020-24650
The CVE-2020-24650 issue affects HPE Intelligent Management Center (iMC) prior to PLAT 7.3 (E0705P07). It is a legend expression language injection vulnerability in the legend.xhtml handling of the beanName parameter, enabling remote code execution. Exploitation is described as network-based with...
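The iMC entries above share one shape: a request parameter (beanName in several of them) reaches a JSF *.xhtml endpoint and is evaluated as Java Expression Language. A defender who cannot patch immediately usually wants to hunt for that shape in web logs. The script below is an added example, not code from the listing, from HPE, or from any of the advisories: it parses combined-format access-log lines, URL-decodes each query parameter of *.xhtml requests (twice, so double-encoded payloads are not missed), and flags EL delimiters (${ and #{) and the reflection idioms that turn a bean reference into code execution. The log lines, the /imc/... path prefixes, and the alert format are constructed for this example; only the endpoint file names come from the advisories.

```python
"""Hunt for Expression Language injection attempts against JSF *.xhtml endpoints.

Added example; not part of the vulnerability listing or of any vendor code.
Assumptions (constructed for this example): combined-format access logs, the
/imc/... path prefixes, and the sample requests in SAMPLE_LOG.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# "combined"-style access log: src - user [time] "METHOD target HTTP/x" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

# EL immediate (${...}) and deferred (#{...}) evaluation delimiters.
EL_DELIM = re.compile(r'[$#]\{')
# Reflection idioms an attacker needs once a bare bean reference is evaluated;
# matched case-sensitively because they are Java identifiers.
EL_REFLECTION = re.compile(
    r'\.getClass\(|\bRuntime\b|\bProcessBuilder\b|Class\.forName|\.getMethod\('
)


def classify_request(target):
    """Return (path, findings) for one request target.

    findings is a list of (param_name, reason, decoded_value). Non-*.xhtml
    paths are ignored: the advisories above concern JSF endpoints only.
    """
    parts = urlsplit(target)
    if not parts.path.lower().endswith('.xhtml'):
        return parts.path, []
    findings = []
    # parse_qs already decodes once; the second unquote_plus catches
    # double-encoded payloads such as %2524%257B -> %24%7B -> ${
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            decoded = unquote_plus(value)
            if EL_DELIM.search(decoded):
                reason = 'el-delimiter'
            elif EL_REFLECTION.search(decoded):
                reason = 'reflection-idiom'
            else:
                continue
            findings.append((name, reason, decoded))
    return parts.path, findings


def scan_log(lines):
    """Run classify_request over access-log lines; return one alert dict per finding."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        path, findings = classify_request(m.group('target'))
        for name, reason, value in findings:
            alerts.append({
                'src': m.group('src'), 'time': m.group('time'), 'path': path,
                'status': m.group('status'), 'param': name,
                'reason': reason, 'value': value,
            })
    return alerts


# Constructed sample traffic (not real iMC logs). Endpoint file names are the
# ones named in the advisories; the directories and hosts are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2021:10:01:02 +0000] "GET /imc/fault/faultStatChooseFaultType.xhtml?beanName=faultStatBean HTTP/1.1" 200 5120',
    '10.0.0.9 - - [12/Mar/2021:10:01:07 +0000] "GET /imc/fault/faultStatChooseFaultType.xhtml?beanName=%24%7B%27a%27.getClass%28%29%7D HTTP/1.1" 200 5120',
    '10.0.0.9 - - [12/Mar/2021:10:01:09 +0000] "GET /imc/res/legend.xhtml?beanName=%2524%257Bfoo%257D HTTP/1.1" 500 211',
    '10.0.0.9 - - [12/Mar/2021:10:01:15 +0000] "GET /imc/dev/addDeviceToView.xhtml?beanName=deviceBean.getClass%28%29 HTTP/1.1" 200 3301',
    '10.0.0.7 - - [12/Mar/2021:10:02:00 +0000] "GET /imc/report/chart.xhtml?title=Sales%20%24100 HTTP/1.1" 200 900',
    '10.0.0.8 - - [12/Mar/2021:10:02:30 +0000] "GET /api/search?q=%24%7Bx%7D HTTP/1.1" 200 12',
]


if __name__ == '__main__':
    for alert in scan_log(SAMPLE_LOG):
        print('{src} {time} {path} {param}={value!r} [{reason}] status={status}'.format(**alert))
```

Treat hits as hunting leads, not proof of compromise: a 500 on a double-encoded probe is often the first sign of someone testing an endpoint, while a 200 with a `.getClass(` chain deserves a look at what the server did next. The `reflection-idiom` pattern will also fire on benign parameters that happen to contain words like `Runtime`, so tune it against your own traffic before alerting on it.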
hibernate-validator: Improper input validation in the interpolation of constraint error messages
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitization (escaping, stripping) controls that developers may have put in place...
CVE-2020-15146
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
CVE-2020-15143
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
Remote code execution
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
GHSA-P4PJ-9G59-4PPV Remote Code Execution in SyliusResourceBundle
Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...
CVE-2020-15143
CVE-2020-15143 affects the SyliusResourceBundle. Affected versions are prior to 1.3.14, 1.4.7, 1.5.2 and 1.6.4, where request parameters injected into expressions evaluated by the Symfony expression-language package were not properly sanitized. This allows an attacker to access any public service...