CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-1871

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.939

EPSS Ranking 99.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

Proposed Action

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.

Ransomware Campaign

Unknown

References

Products affected by CVE-2010-1871

Netapp » Oncommand Balance » Version: N/A

cpe:2.3:a:netapp:oncommand_balance:-
Netapp » Oncommand Insight » Version: N/A

cpe:2.3:a:netapp:oncommand_insight:-
Netapp » Oncommand Unified Manager » Version: N/A

cpe:2.3:a:netapp:oncommand_unified_manager:-
Redhat » Jboss Enterprise Application Platform » Version: 4.3.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0
Redhat » Enterprise Linux » Version: 4

cpe:2.3:o:redhat:enterprise_linux:4
Redhat » Enterprise Linux » Version: 5

cpe:2.3:o:redhat:enterprise_linux:5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-1871

Products

Pricing

Contact Us