Total: 25 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31522 | 1 Apache | 1 Kylin | 2022-01-12 | 7.5 HIGH | 9.8 CRITICAL |
| Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | |||||
| CVE-2020-7857 | 1 Tobesoft | 1 Xplatform | 2021-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in XPlatform could allow an unauthenticated attacker to execute arbitrary commands. This vulnerability exists due to insufficient validation of improper classes. This issue affects: Tobesoft XPlatform versions prior to 9.2.2.280. | |||||
| CVE-2019-20635 | 1 Intland | 1 Codebeamer | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields. | |||||
| CVE-2019-3834 | 1 Redhat | 1 Jboss Operations Network | 2019-10-10 | 6.8 MEDIUM | 7.3 HIGH |
| It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3. | |||||
| CVE-2018-5511 | 3 F5, Microsoft, Vmware | 17 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 14 more | 2019-10-03 | 6.5 MEDIUM | 7.2 HIGH |
| On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. | |||||
