CVE-2010-1871
HIGH
CISA KEV
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
Published: Aug 5, 2010
Modified: Apr 22, 2026
CWE-917
CVSS Metrics
CVSSv3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products (4)
| Vendor | Product | Version |
|---|---|---|
| redhat | jboss_enterprise_application_platform | 4.3.0 |
| netapp | oncommand_balance | - |
| netapp | oncommand_insight | - |
| netapp | oncommand_unified_manager | - |
References (17)
- http://archives.neohapsis.com/archives/bugtraq/2013-05/0117.html Broken Link
- http://www.redhat.com/support/errata/RHSA-2010-0564.html Broken Link
- http://www.securityfocus.com/bid/41994 Broken Link, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1024253 Broken Link, Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2010/1929 Broken Link, Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=615956 Issue Tracking
- https://exchange.xforce.ibmcloud.com/vulnerabilities/60794 Third Party Advisory, VDB Entry
- https://security.netapp.com/advisory/ntap-20161017-0001/ Third Party Advisory
Risk Scores
CVSS Score: 8.8 / 10
EPSS Score: 93.54% (Top 0% most likely to be exploited)
Threat Score: 93.3 / 100
CISA Known Exploited
Date Added: 2021-12-10
Due Date: 2022-06-10
Required Action: Apply updates per vendor instructions.
Data Sources
NVD
CISA KEV
EPSS