Vulnerabilities > Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

DATE CVE VULNERABILITY TITLE RISK
2018-07-09 CVE-2018-1000613 Unsafe Reflection vulnerability in multiple products
Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contain a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization: deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code.
network
low complexity
bouncycastle netapp opensuse oracle CWE-470
critical
9.8
2018-04-13 CVE-2018-5511 Unsafe Reflection vulnerability in multiple products
On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced.
network
low complexity
f5 vmware CWE-470
7.2
2018-01-10 CVE-2017-7536 Unsafe Reflection vulnerability in Redhat products
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allow it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur.
local
high complexity
redhat CWE-470
7.0
2004-12-31 CVE-2004-2331 Unsafe Reflection vulnerability in Macromedia Coldfusion 6.1
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
local
low complexity
macromedia CWE-470
5.5