665 matches found
Deserialization of untrusted data
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by...
CVE-2022-20763
CVE-2022-20763 – Cisco Webex Meetings Java deserialization vulnerability. The issue affects the login authorization component of Cisco Webex Meetings, caused by improper deserialization of Java code in login requests. An authenticated, remote attacker could exploit this to inject arbitrary Java ...
CVE-2021-39114
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14....
Design/Logic Flaw
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14....
VulnCheck KEV: CVE-2014-3120
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code...
Elasticsearch Remote Code Execution Vulnerability
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code...
Security Bulletin: Code execution vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1567)
Summary There is a potential remote code execution vulnerability in WebSphere Application Server which affects IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVEID: CVE-2018-1567 DESCRIPTION: IBM WebSphere Application Server could allow remote attackers to...
Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-5983
Summary A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control and Tivoli Storage Productivity Center. IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized object from untrusted sources. IBM Spectrum Control and...
GHSA-WFJ5-2MQR-7JVV Expression Language Injection in Netflix Conductor
Netflix Conductor uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being...
Expression Language Injection in Netflix Conductor
Netflix Conductor uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Cloud Private (CVE-2021-44228)
Summary There is a vulnerability in the Apache Log4j open source library. The library is used by Elasticsearch, a dependency of IBM Cloud Private, for logging messages to files. This bulletin identifies the security fixes to apply to address the Log4Shell vulnerability CVE-2021-44228. Vulnerabili...
CVE-2021-34994
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider...
CVE-2021-34994
CVE-2021-34994 affects Commvault CommCell 11.22.22. The vulnerability resides in the DataProvider class, caused by lack of validation of a user-supplied string before executing it as JavaScript, allowing an attacker to escape the JavaScript sandbox and execute Java code in the NETWORK SERVICE con...
Security Bulletin: Vulnerability in Apache Log4j addressed in IBM Spectrum Symphony
Summary Log4j is used by IBM Spectrum Symphony for generating logs in some of its components. This bulletin provides patches for the Log4Shell vulnerability CVE-2021-44228 to IBM Spectrum Symphony. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker...
Security Bulletin: Log4JShell Vulnerability affects Watson Machine Learning in Cloud Pak for Data (CVE-2021-44228)
Summary Apache Log4j, used for logging in Watson Machine Learning in Cloud Pak for Data, is impacted by the Apache Log4j vulnerability CVE-2021-44228. Customers are encouraged to take quick action to update their systems. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could...
Security Bulletin: Log4JShell Vulnerability affects Watson Knowledge Catalog InstaScan (CVE-2021-44228)
Summary There is a vulnerability in the version of Apache Log4j that was included in Watson Knowledge Catalog InstaScan. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the...
Open-xchange OX App Suite Code Injection Vulnerability
Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A code injection vulnerability exists in Open-xchange OX App Suite, which can be exploited by attacker...
Open-xchange OX App Suite Code Injection Vulnerability
Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A code injection vulnerability exists in Open-xchange OX App Suite, which can be exploited by attacker...
Commvault CommCell DataProvider JavaScript Sandbox Escape Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataProvider class. T...
Pentaho Business Analytics / Pentaho Business Server 9.1 Remote Code Execution Vulnerability
Pentaho allows users to create and run Pentaho Report Bundles .prpt. Users can create PRPT reports by utilizing the Pentaho Designer application and can include BeanShell Script functions to ease the production of complex reports. However, the BeanShell Script functions can allow for the executio...