3 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge. • https://talend.com https://www.talend.com/security/incident-response/#CVE-2023-31444 •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7. Una vulnerabilidad de Control Inapropiado de los Recursos de Código Administrados Dinámicamente en Crafter Studio de Crafter CMS, permite a los desarrolladores autenticados ejecutar comandos de Sistema Operativo por medio de los objetos expuestos de la plantilla FreeMarker. Este problema afecta a: Crafter Software Crafter CMS versiones 3.0 anteriores a 3.0.27; versiones 3.1 anteriores a 3.1.7 • https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102 • CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7. Una vulnerabilidad de Control Inapropiado de Recursos de Código Administrado Dinámicamente en Crafter Studio de Crafter CMS, permite a desarrolladores autenticados ejecutar comandos de Sistema Operativo por medio de scripting Groovy. Este problema afecta a: Crafter Software Crafter CMS versiones 3.0 anteriores a 3.0.27; versiones 3.1 anteriores a 3.1.7 • https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080101 • CWE-913: Improper Control of Dynamically-Managed Code Resources •