CVE-2010-1871
HIGH KEV
JBoss Seam 2 - RCE
Title source: llm
Description
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby, remote, jsp
https://www.exploit-db.com/exploits/36653
metasploit
WORKING POC
by guerrino di massa · ruby, poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/jboss_seam_exec.rb
metasploit
WORKING POC
NORMAL
ruby, poc, java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jboss_seam_upload_exec.rb
References (9)
Scores
CVSS v3: 8.8
EPSS: 0.9364
EPSS Percentile: 99.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CISA KEV: 2021-12-10
VulnCheck KEV: 2011-07-30
InTheWild.io: 2021-12-10
ENISA EUVD: EUVD-2010-1890
CWE: CWE-917
Status: published
Products (4)
netapp/oncommand_balance
netapp/oncommand_insight
netapp/oncommand_unified_manager
redhat/jboss_enterprise_application_platform 4.3.0
Published: Aug 05, 2010
KEV Added: Dec 10, 2021
Tracked Since: Feb 18, 2026