CyberSec.Space Logo
Back to CVE Browser

CVE-2010-1871

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score41.9360%
EPSS Percentile85.75th
PublishedAug 5, 2010
Last ModifiedApr 22, 2026

Vulnerability Description

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

Affected Platforms (CPE)

πŸ“¦
Redhat

Jboss Enterprise Application Platform

= 4.3.0
πŸ“¦
Netapp

Oncommand Balance

All versions
πŸ“¦
Netapp

Oncommand Insight

All versions
πŸ“¦
Netapp

Oncommand Unified Manager

All versions

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html
πŸ”— http://www.redhat.com/support/errata/RHSA-2010-0564.html
πŸ”— http://www.securityfocus.com/bid/41994
πŸ”— http://www.securitytracker.com/id?1024253
πŸ”— http://www.vupen.com/english/advisories/2010/1929
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=615956
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/60794
πŸ”— https://security.netapp.com/advisory/ntap-20161017-0001/

Related Vulnerabilities

CVE-2015-75019.8

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp...

CVE-2017-121499.8

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in ...

CVE-2014-54019.8

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that ...

CVE-2016-54068.8

The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to...