CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44549 – SMTPS server hostname not checked when making TLS connection to SMTPS server
https://notcve.org/view.php?id=CVE-2021-44549
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. • https://lists.apache.org/thread/l8p9h2bqvkj6rhv4w8kzctb817415b7f • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-1949
https://notcve.org/view.php?id=CVE-2020-1949
Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks. Scripts en Sling CMS versiones anteriores a 0.16.0, no se escapan apropiadamente al Sling Selector a partir de las URL cuando se generan elementos de navegación para las consolas administrativas y son vulnerables a los ataques de tipo XSS reflejados. • https://s.apache.org/CVE-2020-1949 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15717
https://notcve.org/view.php?id=CVE-2017-15717
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0. Un defecto en la manera en la que se escapan y codifican las URL en org.apache.sling.xss.impl.XSSAPIImpl#getValidHref y org.apache.sling.xss.impl.XSSFilterImpl#isValidHref permite que se pasen URL especialmente manipuladas como válidas, aunque porten cargas útiles XSS. Las versiones afectadas son Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 y Apache Sling XSS Protection API 2.0.0. • https://s.apache.org/CVE-2017-15717 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-3353
https://notcve.org/view.php?id=CVE-2012-3353
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader El XmlReader Apache Sling JCR ContentLoader 2.1.4, empleado en el módulo de carga de contenido Sling JCR posibilita la importación de archivos arbitrarios en el repositorio de contenidos, incluyendo archivos locales. Esto provoca fugas de información potenciales. Los usuarios deberían actualizar a la versión 2.1.6 de JCR ContentLoader • https://issues.apache.org/jira/browse/SLING-2512 https://lists.apache.org/thread.html/50994d80dd5cf93f1365dacfcaecf5c12f1efe522c4ff6040b3c521a%40%3Cdev.sling.apache.org%3E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15700
https://notcve.org/view.php?id=CVE-2017-15700
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. Una vulnerabilidad en el método org.apache.sling.auth.core.AuthUtil#isRedirectValid en Apache Sling Authentication Service 1.4.0 permite que un atacante engañe a una víctima para que envíe sus credenciales a través del formulario de inicio de sesión de Sling. • https://lists.apache.org/thread.html/182bed1dd6933824a81cc5f07639eeb813fbd8f2cc49d51b452ab621%40%3Cdev.sling.apache.org%3E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •