CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.

196 vulnerabilities with CWE-917
CVE-2020-7182 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via SSH Config Expression Language Injection
CVSS 8.8
CVE-2020-7181 HIGH
HPE Intelligent Management Center < 7.3 - Expression Language Injection via SMS Rules Download
CVSS 8.8
CVE-2020-7180 HIGH
HPE Intelligent Management Center < 7.3 - Expression Language Injection via ictexpertdownload
CVSS 8.8
CVE-2020-7179 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2020-7178 HIGH
HPE Intelligent Management Center < 7.3 - Expression Language Injection Remote Code Execution
CVSS 8.8
CVE-2020-7177 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via wmiconfigcontent Expression Language Injection
CVSS 8.8
CVE-2020-7176 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2020-7175 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2020-7174 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via SOAP Config Content Expression Language Injection
CVSS 8.8
CVE-2020-7173 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2020-7172 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via TemplateSelect Expression Language Injection
CVSS 9.8
CVE-2020-7171 CRITICAL
HPE Intelligent Management Center < 7.3 - Expression Language Injection Remote Code Execution via guidatadetail
CVSS 9.8
CVE-2020-7170 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7169 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7168 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7167 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via QuickTemplateSelect Expression Language Injection
CVSS 9.8
CVE-2020-7166 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7165 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7164 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7163 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7162 CRITICAL
HPE Intelligent Management Center < 7.3 - Expression Language Injection via operatorgroupselectcontent
CVSS 9.8
CVE-2020-7161 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7160 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7159 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7158 CRITICAL
HPE Intelligent Management Center < 7.3 - Expression Language Injection via perfselecttask
CVSS 9.8