Page 2 of 7 results (0.009 seconds)

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions. Múltiples vulnerabilidades de lista negra incompleta en Apache Sentry en versiones anteriores a 1.7.0 permiten a usuarios remotos autenticados ejecutar código arbitrario a través de las funciones embebidas Hive (1) reflect, (2) reflect2, o (3) java_method. • http://mail-archives.apache.org/mod_mbox/sentry-dev/201608.mbox/%3CCACMN7ixDqDyOZGLEvsMUVHBiJ6crq8zdy%2B2mNfRooNhnk7CJ1g%40mail.gmail.com%3E http://www.securityfocus.com/bid/92328 • CWE-284: Improper Access Control •

CVSS: 9.1EPSS: 18%CPEs: 2EXPL: 1

MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords MobileIron VSP versiones anteriores a la versión 5.9.1 y Sentry versiones anteriores a la versión 5.0, tienen una vulnerabilidad de omisión de autenticación debido a un archivo XML con contraseñas ofuscadas. MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 suffer from password obfuscation and XPath injection vulnerabilities. • http://seclists.org/fulldisclosure/2014/Apr/21 https://exchange.xforce.ibmcloud.com/vulnerabilities/92351 https://packetstormsecurity.com/files/cve/CVE-2014-1409 • CWE-91: XML Injection (aka Blind XPath Injection) •