CVE-2016-0710 org.apache.portals.jetspeed-2:jetspeed

Package

Manager: maven
Name: org.apache.portals.jetspeed-2:jetspeed
Vulnerable Version: >=0 <2.3.1

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.81158 (percentile: 0.99125)

Details

Apache Jetspeed vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

Metadata

Created: 2022-05-17T03:56:49Z
Modified: 2025-04-14T20:40:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-88f6-79x2-xqf3/GHSA-88f6-79x2-xqf3.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-88f6-79x2-xqf3
Finding: F297
Auto approve: 1