3 results (0.001 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. odata4j versión 0.7.0, permite una inyección SQL del archivo ExecuteCountQueryCommand.java. NOTA: este producto aparentemente está descontinuado. • https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. odata4j versión 0.7.0, permite una inyección SQL del archivo ExecuteJPQLQueryCommand.java. NOTA: este producto aparentemente está descontinuado. • https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 1

XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint. Vulnerabilidad de entidad externa XML (XXE) en StaxXMLFactoryProvider2 en Odata4j, usado en Red Hat JBoss Data Virtualization anterior a 6.0.0 parche 4, permite a atacantes remotos leer archivos arbitrarios a través de peticiones modificadas a un endpoint REST. It was found that Odata4j permitted XML eXternal Entity (XXE) attacks. If a REST endpoint was deployed, a remote attacker could submit a request containing an external XML entity that, when resolved, allowed that attacker to read files on the application server in the context of the user running that server. • http://rhn.redhat.com/errata/RHSA-2015-0034.html https://issues.jboss.org/browse/TEIID-2911 https://access.redhat.com/security/cve/CVE-2014-0171 https://bugzilla.redhat.com/show_bug.cgi?id=1085555 • CWE-611: Improper Restriction of XML External Entity Reference •