CVE-2016-0760
https://notcve.org/view.php?id=CVE-2016-0760
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
• http://mail-archives.apache.org/mod_mbox/sentry-dev/201608.mbox/%3CCACMN7ixDqDyOZGLEvsMUVHBiJ6crq8zdy%2B2mNfRooNhnk7CJ1g%40mail.gmail.com%3E
• http://www.securityfocus.com/bid/92328
• CWE-284: Improper Access Control
CVE-2014-1409 – MobileIron VSP / Sentry Authentication Bypass
https://notcve.org/view.php?id=CVE-2014-1409
MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords. MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 suffer from password obfuscation and XPath injection vulnerabilities.
• http://seclists.org/fulldisclosure/2014/Apr/21
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92351
• https://packetstormsecurity.com/files/cve/CVE-2014-1409
• CWE-91: XML Injection (aka Blind XPath Injection)