CVE-2020-14987

HIGH Year: 2020
CVSS v3 Score
7.2
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-74
View all →

Vulnerability Description

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST transforming annotation such as @Grab.

Related Vulnerabilities

CVE-2011-2538

HIGH
CVSS:7.2(High)

Cisco Video Communications Server (VCS) before X7.0.3 contains a command injection vulnerability which allows remote, authenticated attackers to execute arbitrary commands.

CWE-742011

CVE-2011-4558

HIGH
CVSS:7.2(High)

Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.

CWE-742011

CVE-2012-2931

HIGH
CVSS:7.2(High)

PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.

CWE-742012

CVE-2017-18386

HIGH
CVSS:7.2(High)

cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).

CWE-742017

CVE-2017-18387

HIGH
CVSS:7.2(High)

cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).

CWE-742017

CVE-2019-11073

HIGH
CVSS:7.2(High)

A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransa...

CWE-742019