CWE-470

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

61 vulnerabilities with CWE-470
CVE-2020-7857 HIGH
Tobesoft XPlatform <9.2.2.280 - RCE
CVSS 7.5
CVE-2019-20635 MEDIUM
codeBeamer <9.5.0-RC3 - Code Injection
CVSS 6.1
CVE-2019-10174 HIGH
Infinispan < 8.2.12 - Unsafe Reflection via ReflectionUtil invokeAccessibly Method
CVSS 8.8
CVE-2019-3834 HIGH
JBoss Operations Network 3.2.1-3.3.10 - Unsafe Reflection via ClassLoader Manipulation
CVSS 7.3
CVE-2019-1003041 CRITICAL
Jenkins Pipeline: Groovy Plugin <2.64 - Privilege Escalation
CVSS 9.8
CVE-2019-1003040 CRITICAL
Jenkins Script Security Plugin <1.55 - Privilege Escalation
CVSS 9.8
CVE-2018-25239 MEDIUM
Smart VPN 1.1.3.0 Denial of Service via Search
CVSS 6.2
CVE-2018-1000613 CRITICAL
Bouncy Castle Java Cryptography APIs <1.60 - Unsafe Reflection in XMSS/XMSS^MT Private Key Deserialization
CVSS 9.8
CVE-2018-5511 HIGH
F5 BIG-IP <13.1.0.3 - Privilege Escalation
CVSS 7.2
CVE-2017-7536 HIGH
Hibernate Validator <5.2.5-5.4.x - Privilege Escalation
CVSS 7.0
CVE-2004-2331 MEDIUM
ColdFusion MX 6.1-6.1 - Info Disclosure
CVSS 5.5