CWE-917: Improper Neutralization of Special Elements Used in an Expression Language Statement (EL Injection)
187 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-917 (page 1 of 4)
- CVE-2010-1871 | HIGH | CVSS 8.8 | EG 9.0 | ⚠ KEV | 2010-08-05
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code…
- CVE-2018-12532 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-06-18
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
- CVE-2018-12533 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-06-18
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResourc…
- CVE-2018-16621 | HIGH | CVSS 7.2 | EG 7.2 | 2018-11-15
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
- CVE-2019-11628 | HIGH | CVSS 8.2 | EG 6.5 | 2019-05-01
An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: Febr…
- CVE-2019-11942 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11943 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11948 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11949 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11951 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11952 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11953 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11954 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11955 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11958 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11959 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11960 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11961 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11962 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11963 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11964 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11965 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11969 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11985 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-11986 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-12822 | HIGH | CVSS 7.5 | EG 7.5 | 2019-06-14
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.
- CVE-2019-16469 | HIGH | CVSS 7.5 | EG 7.5 | 2020-01-15
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure.
- CVE-2019-5342 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5343 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5344 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5345 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5346 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5348 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5349 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5351 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5352 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5353 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5354 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5355 | HIGH | CVSS 7.5 | EG 7.5 | 2019-06-05
A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5358 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5359 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5360 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5361 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5362 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5363 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5364 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5365 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5366 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5370 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
- CVE-2019-5371 | HIGH | CVSS 8.8 | EG 8.8 | 2019-06-05
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.