NotCVE - vendor:"Craftercms" product:"Studio" version:" >= 3.1.0

3 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-31444

https://notcve.org/view.php?id=CVE-2023-31444

In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge. • https://talend.com https://www.talend.com/security/incident-response/#CVE-2023-31444 •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-25803 – Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects.

https://notcve.org/view.php?id=CVE-2020-25803

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7. Una vulnerabilidad de Control Inapropiado de los Recursos de Código Administrados Dinámicamente en Crafter Studio de Crafter CMS, permite a los desarrolladores autenticados ejecutar comandos de Sistema Operativo por medio de los objetos expuestos de la plantilla FreeMarker. Este problema afecta a: Crafter Software Crafter CMS versiones 3.0 anteriores a 3.0.27; versiones 3.1 anteriores a 3.1.7 • https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080102 • CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-25802 – Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting.

https://notcve.org/view.php?id=CVE-2020-25802

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting. This issue affects: Crafter Software Crafter CMS 3.0 versions prior to 3.0.27; 3.1 versions prior to 3.1.7. Una vulnerabilidad de Control Inapropiado de Recursos de Código Administrado Dinámicamente en Crafter Studio de Crafter CMS, permite a desarrolladores autenticados ejecutar comandos de Sistema Operativo por medio de scripting Groovy. Este problema afecta a: Crafter Software Crafter CMS versiones 3.0 anteriores a 3.0.27; versiones 3.1 anteriores a 3.1.7 • https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2020080101 • CWE-913: Improper Control of Dynamically-Managed Code Resources •