github - ghsa-9vxv-w3hg-m494

ghsa-9vxv-w3hg-m494

Vulnerability from github

Published

2022-05-01 18:42

Modified

2022-05-01 18:42

Details

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-6433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-12-18T20:46:00Z",
    "severity": "HIGH"
  },
  "details": "The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.",
  "id": "GHSA-9vxv-w3hg-m494",
  "modified": "2022-05-01T18:42:51Z",
  "published": "2022-05-01T18:42:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6433"
    },
    {
      "type": "WEB",
      "url": "http://jira.jboss.com/jira/browse/JBSEAM-2084"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/42631"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28077"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=549490\u0026group_id=22866"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26850"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4215"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cve-2007-6433

Vulnerability from cvelistv5

Published

2007-12-18 20:00

Modified

2024-08-07 16:02

Severity

Summary

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.

References

URL	Tags
http://sourceforge.net/project/shownotes.php?release_id=549490&group_id=22866	x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2008-0213.html	vendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0151.html	vendor-advisory, x_refsource_REDHAT
http://jira.jboss.com/jira/browse/JBSEAM-2084	x_refsource_CONFIRM
http://www.securityfocus.com/bid/26850	vdb-entry, x_refsource_BID
http://osvdb.org/42631	vdb-entry, x_refsource_OSVDB
http://www.vupen.com/english/advisories/2007/4215	vdb-entry, x_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2008-0158.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/28077	third-party-advisory, x_refsource_SECUNIA

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:02:36.381Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=549490\u0026group_id=22866"
          },
          {
            "name": "RHSA-2008:0213",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"
          },
          {
            "name": "RHSA-2008:0151",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://jira.jboss.com/jira/browse/JBSEAM-2084"
          },
          {
            "name": "26850",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26850"
          },
          {
            "name": "42631",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/42631"
          },
          {
            "name": "ADV-2007-4215",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4215"
          },
          {
            "name": "RHSA-2008:0158",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"
          },
          {
            "name": "28077",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28077"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-04-08T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=549490\u0026group_id=22866"
        },
        {
          "name": "RHSA-2008:0213",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"
        },
        {
          "name": "RHSA-2008:0151",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://jira.jboss.com/jira/browse/JBSEAM-2084"
        },
        {
          "name": "26850",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26850"
        },
        {
          "name": "42631",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/42631"
        },
        {
          "name": "ADV-2007-4215",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4215"
        },
        {
          "name": "RHSA-2008:0158",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"
        },
        {
          "name": "28077",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28077"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6433",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=549490\u0026group_id=22866",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=549490\u0026group_id=22866"
            },
            {
              "name": "RHSA-2008:0213",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0213.html"
            },
            {
              "name": "RHSA-2008:0151",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0151.html"
            },
            {
              "name": "http://jira.jboss.com/jira/browse/JBSEAM-2084",
              "refsource": "CONFIRM",
              "url": "http://jira.jboss.com/jira/browse/JBSEAM-2084"
            },
            {
              "name": "26850",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26850"
            },
            {
              "name": "42631",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/42631"
            },
            {
              "name": "ADV-2007-4215",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4215"
            },
            {
              "name": "RHSA-2008:0158",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0158.html"
            },
            {
              "name": "28077",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28077"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6433",
    "datePublished": "2007-12-18T20:00:00",
    "dateReserved": "2007-12-18T00:00:00",
    "dateUpdated": "2024-08-07T16:02:36.381Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.