CVE-2022-26111

HIGH Year: 2022
CVSS v3 Score
8.8
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-917
View all →

Vulnerability Description

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server.

Related Vulnerabilities

CVE-2010-1871

HIGH
CVSS:8.8(High)

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows rem...

CWE-9172010

CVE-2019-11942

HIGH
CVSS:8.8(High)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2019-11943

HIGH
CVSS:8.8(High)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2019-11948

HIGH
CVSS:8.8(High)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2019-11951

HIGH
CVSS:8.8(High)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019

CVE-2019-11952

HIGH
CVSS:8.8(High)

A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.

CWE-9172019