Lucene search
Veracode Vulnerability DatabaseVERACODE:33458HistoryDec 27, 2021 - 12:42 a.m.
Insecure Token
2021-12-2700:42:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
eap7
insecure token
vulnerability
elparsertokenmanager
EPSS
0.001
Percentile
38.1%
eap7 has insecure token. The vulnerability exists due to a bug in the ELParserTokenManager which enables invalid EL expressions to be evaluated as if they were valid.
References
access.redhat.com/documentation/en-us/red_hat_fuse/7.10/
access.redhat.com/errata/RHSA-2021:5134
access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.10.0
access.redhat.com/security/updates/classification/#critical
access.redhat.com/security/vulnerabilities/RHSB-2021-009
bugzilla.redhat.com/show_bug.cgi?id=1965497
github.com/eclipse-ee4j/el-ri/issues/155
securitylab.github.com/advisories/GHSL-2020-021-jakarta-el/
www.oracle.com/security-alerts/cpuapr2022.html
Related
osv
osv
CVE-2021-28170
2021-05-26 22:15:07
Improper Input Validation in Jakarta Expression Language
2021-10-06 17:48:38
cve
cve
CVE-2021-28170
2021-05-26 22:15:07
debiancve
debiancve
CVE-2021-28170
2021-05-26 22:15:07
ubuntucve
ubuntucve
CVE-2021-28170
2021-05-26 00:00:00
prion
prion
Code injection
2021-05-26 22:15:00
redhatcve
redhatcve
CVE-2021-28170
2021-05-28 00:47:39
github
github
Improper Input Validation in Jakarta Expression Language
2021-10-06 17:48:38
nvd
nvd
CVE-2021-28170
2021-05-26 22:15:07
ibm
ibm
cvelist
cvelist
CVE-2021-28170
2021-05-26 21:55:09
nessus
nessus
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00