Vulnerabilities > Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

DATE CVE VULNERABILITY TITLE RISK
2020-10-19 CVE-2020-7142 Expression Language Injection vulnerability in HP Intelligent Management Center 7.2/7.3
An eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-917
critical
9.8
2020-10-19 CVE-2020-7141 Expression Language Injection vulnerability in HP Intelligent Management Center 7.2/7.3
An adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-917
critical
9.8
2020-10-19 CVE-2020-24652 Expression Language Injection vulnerability in HP Intelligent Management Center 7.2/7.3
An addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-917
critical
9.8
2020-10-19 CVE-2020-24651 Expression Language Injection vulnerability in HP Intelligent Management Center 7.2/7.3
A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-917
critical
9.8
2020-10-19 CVE-2020-24650 Expression Language Injection vulnerability in HP Intelligent Management Center 7.2/7.3
A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
network
low complexity
hp CWE-917
critical
9.8
2020-08-20 CVE-2020-15146 Expression Language Injection vulnerability in Sylius Syliusresourcebundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly.
network
low complexity
sylius CWE-917
8.8
2020-08-20 CVE-2020-15143 Expression Language Injection vulnerability in Sylius Syliusresourcebundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly.
network
low complexity
sylius CWE-917
8.8
2020-07-14 CVE-2020-9297 Expression Language Injection vulnerability in Netflix Titus
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators.
network
low complexity
netflix CWE-917
critical
9.8
2020-06-16 CVE-2020-9296 Expression Language Injection vulnerability in Netflix Conductor
Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators.
network
low complexity
netflix CWE-917
critical
9.8
2020-05-20 CVE-2020-3956 Expression Language Injection vulnerability in VMWare Vcloud Director
VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability.
network
low complexity
vmware CWE-917
8.8