Vulnerabilities > Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-04 | CVE-2020-1959 | Expression Language Injection vulnerability in Apache Syncope A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. | 9.8 |
| 2020-04-01 | CVE-2020-10199 | Expression Language Injection vulnerability in Sonatype Nexus Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | 8.8 |
| 2020-01-28 | CVE-2020-7799 | Expression Language Injection vulnerability in Fusionauth An issue was discovered in FusionAuth before 1.11.0. | 7.2 |
| 2020-01-15 | CVE-2019-16469 | Expression Language Injection vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. | 7.5 |
| 2019-06-14 | CVE-2019-12822 | Expression Language Injection vulnerability in Embedthis Goahead In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself. | 7.5 |
| 2019-06-05 | CVE-2019-11986 | Expression Language Injection vulnerability in HP Intelligent Management Center 7.2/7.3 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 8.8 |
| 2019-06-05 | CVE-2019-11985 | Expression Language Injection vulnerability in HP Intelligent Management Center 7.2/7.3 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 8.8 |
| 2019-06-05 | CVE-2019-11969 | Expression Language Injection vulnerability in HP Intelligent Management Center 7.2/7.3 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 8.8 |
| 2019-06-05 | CVE-2019-11965 | Expression Language Injection vulnerability in HP Intelligent Management Center 7.2/7.3 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 8.8 |
| 2019-06-05 | CVE-2019-11964 | Expression Language Injection vulnerability in HP Intelligent Management Center 7.2/7.3 A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 8.8 |