Enterprise Security Api Security Vulnerabilities and Issues — Enterprise Security Api CVE List

Lucene search

OwaspEnterprise Security Api

4 matches found

CVE•added 2022/04/25 8:15 p.m.•861 views

CVE-2022-23457

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of Validator.getValidDirectoryPath(String, String, File, boolean) may incorrectly treat the tested input string as a child of the specifie...

9.8CVSS8.6AI score0.00233EPSS

CVE•added 2022/04/27 9:15 p.m.•799 views

CVE-2022-24891

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...

6.1CVSS5.7AI score0.00352EPSS

CVE•added 2013/09/30 5:9 p.m.•71 views

CVE-2013-5679

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protectio...

2.6CVSS6.5AI score0.00098EPSS

CVE•added 2013/09/30 5:9 p.m.•69 views

CVE-2013-5960

The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protect...

5.8CVSS6.4AI score0.00236EPSS