CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.

180 vulnerabilities with CWE-917
CVE-2020-7191 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7190 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7189 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7188 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7187 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7186 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7185 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7184 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7183 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7182 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7181 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7180 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7179 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7178 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7177 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7176 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7175 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7174 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7173 HIGH
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 8.8
CVE-2020-7172 CRITICAL
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 9.8
CVE-2020-7171 CRITICAL
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 9.8
CVE-2020-7170 CRITICAL
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 9.8
CVE-2020-7169 CRITICAL
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 9.8
CVE-2020-7168 CRITICAL
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 9.8
CVE-2020-7167 CRITICAL
HP Intelligent Management Center < 7.3 - Remote Code Execution
CVSS 9.8
Details
Vulnerabilities 180
Links
MITRE CWE Entry Search this CWE With Exploits