Lucene search

[email protected]NVD:CVE-2007-6433

HistoryDec 18, 2007 - 8:46 p.m.

CVE-2007-6433

2007-12-1820:46:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.016

Percentile

87.7%

JSON

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

Affected configurations

Nvd

Node

jbossseamRange≤2.0.0cr2

VendorProductVersionCPE
jbossseam*cpe:2.3:a:jboss:seam:*:cr2:*:*:*:*:*:*

Vendor	Product	Version	CPE
jboss	seam	*	cpe:2.3:a:jboss:seam::cr2::::::*

References

jira.jboss.com/jira/browse/JBSEAM-2084

osvdb.org/42631

secunia.com/advisories/28077

sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866

www.redhat.com/support/errata/RHSA-2008-0151.html

www.redhat.com/support/errata/RHSA-2008-0158.html

www.redhat.com/support/errata/RHSA-2008-0213.html

www.securityfocus.com/bid/26850

www.vupen.com/english/advisories/2007/4215

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.016

Percentile

87.7%

JSON

Related for NVD:CVE-2007-6433

cve1 veracode1 cvelist1 prion1 redhat1 nessus2