CVE-2019-20635

EPSS 0.85%
Veröffentlicht 02.04.2020 16:15:14
Zuletzt bearbeitet 21.11.2024 04:38:55
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Intland ≫ Codebeamer Version <= 9.4.0

Intland ≫ Codebeamer Version9.5.0 Updaterc2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.85%	0.535

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

https://codebeamer.com/cb/wiki/7372223

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2019-20635

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-20635

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-20635

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-20635