Vulnerabilities > Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2021-28170 | Expression Language Injection vulnerability in multiple products In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | 5.3 |
| 2020-12-11 | CVE-2020-17530 | Expression Language Injection vulnerability in multiple products Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. | 9.8 |
| 2020-10-19 | CVE-2020-7195 | Expression Language Injection vulnerability in HP Intelligent Management Center A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
| 2020-10-19 | CVE-2020-7194 | Expression Language Injection vulnerability in HP Intelligent Management Center A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
| 2020-10-19 | CVE-2020-7193 | Expression Language Injection vulnerability in HP Intelligent Management Center A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
| 2020-10-19 | CVE-2020-7192 | Expression Language Injection vulnerability in HP Intelligent Management Center A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
| 2020-10-19 | CVE-2020-7191 | Expression Language Injection vulnerability in HP Intelligent Management Center A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
| 2020-10-19 | CVE-2020-7190 | Expression Language Injection vulnerability in HP Intelligent Management Center A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
| 2020-10-19 | CVE-2020-7189 | Expression Language Injection vulnerability in HP Intelligent Management Center A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |
| 2020-10-19 | CVE-2020-7188 | Expression Language Injection vulnerability in HP Intelligent Management Center A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 8.8 |