6.1
CVE-2019-20635
- EPSS 0.39%
- Veröffentlicht 02.04.2020 16:15:14
- Zuletzt bearbeitet 21.11.2024 04:38:55
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LogincodeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Intland ≫ Codebeamer Version <= 9.4.0
Intland ≫ Codebeamer Version9.5.0 Updaterc2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.591 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.