Vulnerabilities > Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-09 | CVE-2018-1000613 | Unsafe Reflection vulnerability in multiple products Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. | 9.8 |
| 2018-04-13 | CVE-2018-5511 | Unsafe Reflection vulnerability in multiple products On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | 6.5 |
| 2018-01-10 | CVE-2017-7536 | Unsafe Reflection vulnerability in Redhat products In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. | 7.0 |
| 2004-12-31 | CVE-2004-2331 | Unsafe Reflection vulnerability in Macromedia Coldfusion 6.1 ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. | 5.5 |