Lucene search

[email protected]CVE-2007-6433

HistoryDec 18, 2007 - 8:46 p.m.

CVE-2007-6433

2007-12-1820:46:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2007-6433

jboss seam

remote code injection

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

Affected configurations

NVD

Node

jbossseamRange≤2.0.0cr2

CPENameOperatorVersion
jboss:seamjboss seamle2.0.0

CPE	Name	Operator	Version
jboss:seam	jboss seam	le	2.0.0

References

jira.jboss.com/jira/browse/JBSEAM-2084

osvdb.org/42631

secunia.com/advisories/28077

sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866

www.redhat.com/support/errata/RHSA-2008-0151.html

www.redhat.com/support/errata/RHSA-2008-0158.html

www.redhat.com/support/errata/RHSA-2008-0213.html

www.securityfocus.com/bid/26850

www.vupen.com/english/advisories/2007/4215

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2007-6433

nvd1 cvelist1 veracode1 prion1 nessus2 redhat1