Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-19 | CVE-2020-24650 | Expression Language Injection vulnerability in HP Intelligent Management Center. A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 9.8 |
2020-08-20 | CVE-2020-15146 | Expression Language Injection vulnerability in Sylius Syliusresourcebundle. In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. | 8.8 |
2020-08-20 | CVE-2020-15143 | Expression Language Injection vulnerability in Sylius Syliusresourcebundle. In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. | 8.8 |
2020-07-14 | CVE-2020-9297 | Expression Language Injection vulnerability in Netflix Titus. Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. | 9.8 |
2020-06-16 | CVE-2020-9296 | Expression Language Injection vulnerability in Netflix Conductor. Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. | 9.8 |
2020-05-20 | CVE-2020-3956 | Expression Language Injection vulnerability in VMWare Vcloud Director. VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. | 8.8 |
2020-05-04 | CVE-2020-1959 | Expression Language Injection vulnerability in Apache Syncope. A Server-Side Template Injection was identified in Apache Syncope prior to 2.1.6 enabling attackers to inject arbitrary Java EL expressions, leading to an unauthenticated Remote Code Execution (RCE) vulnerability. | 9.8 |
2020-04-01 | CVE-2020-10199 | Expression Language Injection vulnerability in Sonatype Nexus. Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | 8.8 |
2020-01-28 | CVE-2020-7799 | Expression Language Injection vulnerability in Fusionauth. An issue was discovered in FusionAuth before 1.11.0. | 7.2 |
2020-01-15 | CVE-2019-16469 | Expression Language Injection vulnerability in Adobe Experience Manager. Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. | 7.5 |