ByteOS Network

Vulnerability Details :

CVE-2022-26111

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-25 Apr, 2022 | 14:38

Updated At-03 Aug, 2024 | 04:56

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:25 Apr, 2022 | 14:38

Updated At:03 Aug, 2024 | 04:56

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://varsnext.iriscorporate.com/	x_refsource_MISC
https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf	x_refsource_MISC

Hyperlink: https://varsnext.iriscorporate.com/

Resource:

x_refsource_MISC

Hyperlink: https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://varsnext.iriscorporate.com/	x_refsource_MISC x_transferred
https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf	x_refsource_MISC x_transferred

Hyperlink: https://varsnext.iriscorporate.com/

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:25 Apr, 2022 | 15:15

Updated At:08 Aug, 2023 | 14:21

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 9.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:S/C:C/I:C/A:C

CPE Matches

Canon Inc.

>>irisnext>>Versions up to 9.8.28(inclusive)

cpe:2.3:a:canon:irisnext:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-917	Primary	nvd@nist.gov

CWE ID: CWE-917

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf	cve@mitre.org	Exploit Third Party Advisory
https://varsnext.iriscorporate.com/	cve@mitre.org	Product Vendor Advisory

Hyperlink: https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2022-26111.pdf

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

Hyperlink: https://varsnext.iriscorporate.com/

Source: cve@mitre.org

Resource:

Product

Vendor Advisory

Similar CVEs

85Records found

CVE-2019-5379

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:50

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5365

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:44

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5345

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:15

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5371

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:46

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5386

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:53

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5362

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:42

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5378

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:50

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5388

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:55

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5384

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:52

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5343

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:14

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5354

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:38

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5360

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:41

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5346

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:15

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5364

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:43

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5342

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:13

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5348

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:16

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5381

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:51

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5351

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:18

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-5380

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:51

Updated-04 Aug, 2024 | 19:54

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2023-32200

Matching Score-4

Assigner-Apache Software Foundation

View Details

Matching Score-4

Assigner-Apache Software Foundation

CVSS Score-8.8||HIGH

EPSS-0.64% / 69.49%

7 Day CHG~0.00%

Published-12 Jul, 2023 | 07:49

Updated-07 Oct, 2024 | 20:35

Apache Jena: Exposure of execution in script engine expressions.

There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0.

Vendor-The Apache Software Foundation

Product-jena Apache Jena jena

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-11965

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 15:19

Updated-04 Aug, 2024 | 23:10

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-11964

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 15:19

Updated-04 Aug, 2024 | 23:10

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-11958

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 15:09

Updated-04 Aug, 2024 | 23:10

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-11953

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 15:07

Updated-04 Aug, 2024 | 23:10

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-11962

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 15:14

Updated-04 Aug, 2024 | 23:10

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-11986

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 15:20

Updated-04 Aug, 2024 | 23:10

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-11943

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:57

Updated-04 Aug, 2024 | 23:10

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-11954

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 15:07

Updated-04 Aug, 2024 | 23:10

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-11963

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 15:14

Updated-04 Aug, 2024 | 23:10

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-11955

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 15:08

Updated-04 Aug, 2024 | 23:10

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2019-11948

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.68% / 81.41%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 14:59

Updated-04 Aug, 2024 | 23:10

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (IMC) PLAT

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2020-7799

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.2||HIGH

EPSS-72.74% / 98.72%

7 Day CHG~0.00%

Published-28 Jan, 2020 | 12:46

Updated-04 Aug, 2024 | 09:41

An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates.

Vendor-fusionauth n/a

Product-fusionauth n/a

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2020-7183

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.33% / 79.17%

7 Day CHG~0.00%

Published-19 Oct, 2020 | 17:45

Updated-04 Aug, 2024 | 09:25

A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (iMC)

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2020-7192

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.33% / 79.17%

7 Day CHG~0.00%

Published-19 Oct, 2020 | 17:46

Updated-04 Aug, 2024 | 09:25

A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (iMC)

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2020-7194

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

View Details

Matching Score-4

Assigner-Hewlett Packard Enterprise (HPE)

CVSS Score-8.8||HIGH

EPSS-1.33% / 79.17%

7 Day CHG~0.00%

Published-19 Oct, 2020 | 17:47

Updated-04 Aug, 2024 | 09:25

A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

Vendor-n/a HP Inc.

Product-intelligent_management_center HPE Intelligent Management Center (iMC)

CWE ID-CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVE-2022-26111

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs