Lucene search
Veracode Vulnerability DatabaseVERACODE:41732HistoryJul 26, 2023 - 10:23 a.m.
Remote Code Execution (RCE)
2023-07-2610:23:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
remote code execution
user permissions
sparql query
malicious code
system security
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
60.1%
org.apache.jena:jena is vulnerable to Remote Code Execution (RCE). Lack of proper checking for user permissions in script functions allows an attacker to upload and execute malicious code on the system via a SPARQL query.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache jena | le | 4.8.0 | |
| apache jena | le | 4.8.0 |
Related
cve
cve
CVE-2023-32200
2023-07-12 08:15:10
debiancve
debiancve
CVE-2023-32200
2023-07-12 08:15:10
prion
prion
Authorization
2023-07-12 08:15:00
ubuntucve
ubuntucve
CVE-2023-32200
2023-07-12 00:00:00
cvelist
cvelist
github
github
Apache Jena Expression Language Injection vulnerability
2023-07-12 09:30:53
ibm
ibm
nvd
nvd
CVE-2023-32200
2023-07-12 08:15:10
cnvd
cnvd
Apache Jena Code Execution Vulnerability
2023-07-14 00:00:00
osv
osv
Apache Jena Expression Language Injection vulnerability
2023-07-12 09:30:53
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
60.1%
Related for VERACODE:41732