CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.

196 vulnerabilities with CWE-917
CVE-2020-7157 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7156 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7155 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7154 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7153 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via iccselectdevtype Expression Language Injection
CVSS 9.8
CVE-2020-7152 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7151 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7150 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7149 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7148 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7147 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7146 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7145 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7144 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7143 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-7142 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Eventinfo Content Expression Language Injection
CVSS 9.8
CVE-2020-7141 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2020-24652 CRITICAL
HPE Intelligent Management Center <7.3 - RCE
CVSS 9.8
CVE-2020-24651 CRITICAL
HPE Intelligent Management Center <7.3 - RCE
CVSS 9.8
CVE-2020-24650 CRITICAL
HPE Intelligent Management Center <PLAT 7.3 - RCE
CVSS 9.8
CVE-2020-15146 CRITICAL
SyliusResourceBundle <1.3.14-1.6.4 - RCE
CVSS 9.6
CVE-2020-15143 HIGH
SyliusResourceBundle <1.3.14-1.6.4 - RCE
CVSS 7.7
CVE-2020-9297 CRITICAL
Netflix Titus < 0.1.1-rc.274 - Expression Language Injection via Constraint Violation Error Message
CVSS 9.8
CVE-2020-9296 CRITICAL
Netflix Conductor < 2.25.3 & conductor-core < 2.25.4 - Expression Language Injection
CVSS 9.8
CVE-2020-3956 HIGH
VMware Cloud Director 9.5.0.0-9.5.0.5 - Authenticated Remote Code Execution via Expression Language Injection
CVSS 8.8