CVSS: 5.3EPSS: 18%CPEs: 38EXPL: 0CVE-2013-6447 – Seam: XML eXternal Entity (XXE) flaw in remoting
https://notcve.org/view.php?id=CVE-2013-6447
20 Jan 2014 — Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allow remote attackers to read arbitrary files and possibly have other impacts via a crafted XML file. Múltiples vulnerabilidades de XXE en las clases (1) ExecutionHandler, (2) PollHandler, y (3) SubscriptionHandler en JBoss Seam Remoting de JBoss Seam 2 framework 2.3.1 y an... • http://rhn.redhat.com/errata/RHSA-2014-0045.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 38EXPL: 0CVE-2013-6448 – Seam: Information disclosure in remoting
https://notcve.org/view.php?id=CVE-2013-6448
20 Jan 2014 — The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors. El manejador InterfaceGenerator en JBoss Seam Remoting en JBoss Seam 2 framework 2.3.1 y anteriores versiones, tal como se usa en JBoss Web Framework Kit, permite a atacantes remotos evadir la restr... • http://rhn.redhat.com/errata/RHSA-2014-0045.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 37EXPL: 0CVE-2011-2196 – JBoss Seam EL interpolation in exception handling
https://notcve.org/view.php?id=CVE-2011-2196
27 Jul 2011 — jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerab... • http://www.redhat.com/support/errata/RHSA-2011-0945.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 35EXPL: 0CVE-2011-1484 – JBoss Seam privilege escalation caused by EL interpolation in FacesMessages
https://notcve.org/view.php?id=CVE-2011-1484
27 Jul 2011 — jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. jboss-seam.jar en el framework JBoss Seam 2 2.2.x y versiones ant... • http://www.redhat.com/support/errata/RHSA-2011-0460.html • CWE-264: Permissions, Privileges, and Access Controls •