CVE-2007-6433
Date: (C)2007-12-18   (M)2023-12-22


The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-26850
SECUNIA-28077
OSVDB-42631
ADV-2007-4215
RHSA-2008:0151
RHSA-2008:0158
RHSA-2008:0213
http://jira.jboss.com/jira/browse/JBSEAM-2084
http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866

CWE    1
CWE-20

© SecPod Technologies