CVE-2010-1871
critical-risk
Published 2010-08-05
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
Do I need to act?
!
93.7% chance of exploitation in next 30 days
EPSS score — higher than 6% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (4)
References (17)
Broken Link
http://www.securityfocus.com/bid/41994
Broken Link
http://www.securitytracker.com/id?1024253
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=615956
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794
Third Party Advisory
https://security.netapp.com/advisory/ntap-20161017-0001/
Broken Link
http://www.securityfocus.com/bid/41994
Broken Link
http://www.securitytracker.com/id?1024253
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=615956
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60794
Third Party Advisory
https://security.netapp.com/advisory/ntap-20161017-0001/
74
/ 100
critical-risk
Severity
30/34 · Critical
Exploitability
34/34 · Critical
Exposure
10/34 · Low