Veracode Vulnerability Database: VERACODE:23256
Apr 10, 2020 - 12:20 a.m.

Arbitrary EJB QL Command Execution

2020-04-10 00:20:38
sca.analysiscenter.veracode.com

EPSS: 0.016 (percentile: 87.7%)

jbossas is vulnerable to arbitrary EJB QL command execution. The vulnerability exists because the setOrder method in the org.jboss.seam.framework.Query class did not correctly validate user-supplied parameters. This allowed remote attackers to inject and execute arbitrary Enterprise JavaBeans Query Language (EJB QL) commands via the order parameter.
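One way an application can constrain a request-supplied order value before it reaches a query's ORDER BY clause, as an added example that is not code from the advisory or from the Seam project and does not represent the vendor's fix. The class OrderClauseValidator, its sanitize method, and the property names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical helper: allowlist check for a request-supplied "order" value. */
public class OrderClauseValidator {
    // One sort term: a dotted property path, optionally followed by ASC or DESC.
    private static final Pattern TERM = Pattern.compile(
            "^([A-Za-z_][A-Za-z0-9_]*(?:\\.[A-Za-z_][A-Za-z0-9_]*)*)(?:\\s+(asc|desc))?$",
            Pattern.CASE_INSENSITIVE);

    private final Set<String> sortableProperties;

    public OrderClauseValidator(Set<String> sortableProperties) {
        this.sortableProperties = sortableProperties;
    }

    /** Returns a rebuilt ORDER BY fragment, or throws if any term is not allowlisted. */
    public String sanitize(String order) {
        if (order == null || order.trim().isEmpty()) {
            return null; // no ordering requested
        }
        List<String> terms = new ArrayList<>();
        for (String raw : order.split(",", -1)) {
            Matcher m = TERM.matcher(raw.trim());
            // Reject anything that is not "property [asc|desc]" on a known property.
            if (!m.matches() || !sortableProperties.contains(m.group(1))) {
                throw new IllegalArgumentException("Rejected order term");
            }
            String direction = m.group(2) == null ? "asc" : m.group(2).toLowerCase();
            // Rebuild from parsed parts so the caller's raw text is never concatenated.
            terms.add(m.group(1) + " " + direction);
        }
        return String.join(", ", terms);
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the allowlisted property names are assumptions.
        OrderClauseValidator v = new OrderClauseValidator(Set.of("name", "address.city"));
        String[] samples = {"name desc", "address.city, name ASC", "name, lower(name)", "passwordHash"};
        for (String s : samples) {
            try {
                System.out.println("accepted: " + v.sanitize(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + s);
            }
        }
    }
}
```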
