Vulnerabilities > Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-19 | CVE-2020-24651 | Expression Language Injection vulnerability in HP Intelligent Management Center A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
| 2020-10-19 | CVE-2020-24650 | Expression Language Injection vulnerability in HP Intelligent Management Center A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | 10.0 |
| 2020-08-20 | CVE-2020-15146 | Expression Language Injection vulnerability in Sylius Syliusresourcebundle In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. | 6.5 |
| 2020-08-20 | CVE-2020-15143 | Expression Language Injection vulnerability in Sylius Syliusresourcebundle In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. | 6.5 |
| 2020-06-16 | CVE-2020-9296 | Expression Language Injection vulnerability in Netflix Conductor Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. | 9.8 |
| 2020-05-20 | CVE-2020-3956 | Expression Language Injection vulnerability in VMWare Vcloud Director VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. | 6.5 |
| 2020-04-01 | CVE-2020-10199 | Expression Language Injection vulnerability in Sonatype Nexus Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2). | 8.8 |
| 2020-01-15 | CVE-2019-16469 | Expression Language Injection vulnerability in Adobe Experience Manager 6.5.0 Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. | 5.0 |
| 2019-06-05 | CVE-2019-11986 | Expression Language Injection vulnerability in HP Intelligent Management Center A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 9.0 |
| 2019-06-05 | CVE-2019-11985 | Expression Language Injection vulnerability in HP Intelligent Management Center A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | 9.0 |