CVE-2019-20635
https://notcve.org/view.php?id=CVE-2019-20635
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.
• https://codebeamer.com/cb/wiki/7372223
• CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CVE-2019-19913 – codeBeamer 9.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19913
In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter. codeBeamer versions 9.5 and below suffer from multiple persistent cross site scripting vulnerabilities.
• http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2020/Apr/9
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19912 – codeBeamer 9.5 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2019-19912
In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file. codeBeamer versions 9.5 and below suffer from multiple persistent cross site scripting vulnerabilities.
• http://packetstormsecurity.com/files/156951/codeBeamer-9.5-Cross-Site-Scripting.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')