CWE-917

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.

196 vulnerabilities with CWE-917
CVE-2019-5386 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5385 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5384 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5383 HIGH
HPE Intelligent Management Center (IMC) PLAT <7.3 - RCE
CVSS 8.8
CVE-2019-5382 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5381 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5380 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5379 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5378 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5377 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5373 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5372 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5371 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5370 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5366 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5365 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5364 HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5363 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5362 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5361 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5360 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5359 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
CVE-2019-5358 CRITICAL
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 9.8
CVE-2019-5355 HIGH
HPE Intelligent Management Center PLAT < 7.3 E0506P09 - Remote Denial of Service
CVSS 7.5
CVE-2019-5354 HIGH
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Expression Language Injection
CVSS 8.8
Details
Vulnerabilities 196
Links
MITRE CWE Entry Search this CWE With Exploits