Acumonitor
This page lists 136 vulnerabilities in this category.
Critical: 17
High: 101
Medium: 17
Low: 1
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Apache Log4j socket receiver deserialization vulnerability | CVE-2017-5645 | CWE-502 | Critical |
| Ivanti Sentry Authentication Bypass (CVE-2023-38035) | CVE-2023-38035 | CWE-863 | Critical |
| ActiveMQ OpenWire RCE (CVE-2023-46604) | CVE-2023-46604 | CWE-502 | Critical |
| GhostScript RCE (Remote Code Execution) | CVE-2016-3714 | CWE-78 | Critical |
| TorchServe Management API SSRF (CVE-2023-43654) | CVE-2023-43654 | CWE-918 | Critical |
| WS_FTP AHT Deserialization RCE (CVE-2023-40044) | CVE-2023-40044 | CWE-502 | Critical |
| ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204) | CVE-2023-38204 | CWE-502 | Critical |
| IBM ODM JNDI injection (CVE-2024-22319) | CVE-2024-22319 | CWE-74 | Critical |
| Apache Struts2 Remote Command Execution (S2-053) | CVE-2017-12611 | CWE-94 | Critical |
| Code Evaluation (Python) | - | CWE-95 | Critical |
| RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887) | CVE-2024-21887 | CWE-77 | Critical |
| Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102) | CVE-2024-34102 | CWE-611 | Critical |
| PaloAlto Networks Expedition RCE (CVE-2024-9463) | CVE-2024-9465 | CWE-918 | Critical |
| Apache Struts2 remote code execution vulnerability | CVE-2016-0785 | CWE-78 | Critical |
| Code Evaluation (Perl) | - | CWE-94 | Critical |
| Code Evaluation (Ruby) | - | CWE-94 | Critical |
| Apache OFBiz SSRF (CVE-2024-45507) | CVE-2024-45507 | CWE-918 | Critical |
| SAP IGS XXE (CVE-2018-2392, CVE-2018-2393) | CVE-2018-2393 | CWE-611 | High |
| RCE in SQL Server Reporting Services (SSRS) | CVE-2020-0618 | CWE-78 | High |
| HTTP/2 pseudo-header server side request forgery | - | CWE-918 | High |
| GitLab ExifTool RCE (CVE-2021-22205) | CVE-2021-22205 | CWE-918 | High |
| ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) | CVE-2021-35464 | CWE-502 | High |
| Apache HTTP Server mod_proxy SSRF (CVE-2021-40438) | CVE-2021-40438 | CWE-918 | High |
| Zimbra Collaboration Suite SSRF (CVE-2020-7796) | CVE-2020-7796 | CWE-918 | High |
| Deserialization of Untrusted Data (XStream) | CVE-2020-26217 | CWE-502 | High |
| Sitecore XP Deserialization RCE (CVE-2021-42237) | CVE-2021-42237 | CWE-502 | High |
| Apache OFBiz SOAPService Deserialization RCE | CVE-2021-26295 | CWE-502 | High |
| Jolokia XML External Entity (XXE) vulnerability | - | CWE-611 | High |
| Remote code execution of user-provided local names in Rails | CVE-2020-8163 | CWE-94 | High |
| Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1 | CVE-2020-7961 | CWE-78 | High |
| Oracle E-Business Suite Deserialization RCE | - | CWE-502 | High |
| Oracle E-Business Suite SQL injection (CVE-2017-3549) | CVE-2017-3549 | CWE-89 | High |
| Oracle E-Business Suite SSRF (CVE-2017-10246) | CVE-2017-10246 | CWE-918 | High |
| Oracle WebLogic Remote Code Execution via IIOP | CVE-2020-2551 | CWE-502 | High |
| SAML Consumer Service XML entity injection (XXE) | - | CWE-611 | High |
| Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) | CVE-2023-49070 | CWE-502 | High |
| Ruby on Rails DoubleTap RCE (CVE-2019-5420) | CVE-2019-5420 | CWE-502 | High |
| Apache Unomi MVEL RCE (CVE-2020-13942) | CVE-2020-13942 | CWE-20 | High |
| Cross-site Scripting via Remote File Inclusion | - | CWE-79 | High |
| VMware vCenter Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189) | CVE-2020-10189 | CWE-502 | High |
| SSRF in Server-Side Rendering | - | CWE-918 | High |
| Unvalidated JWT jku parameter | - | CWE-287 | High |
| SAP BO BIP XXE (CVE-2022-28213) | CVE-2022-28213 | CWE-112 | High |
| GeoServer WMS SSRF (CVE-2023-43795) | CVE-2023-43795 | CWE-918 | High |
| GeoServer SSRF (CVE-2021-40822) | CVE-2021-40822 | CWE-918 | High |
| Skype for Business SSRF (CVE-2023-41763) | CVE-2023-41763 | CWE-918 | High |
| Apache OFBiz SSRF (CVE-2023-50968) | CVE-2023-50968 | CWE-918 | High |
| SSRF in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-21893) | CVE-2024-21893 | CWE-918 | High |
| Ivanti EPM SQLi RCE (CVE-2024-29824) | CVE-2024-29824 | CWE-89 | High |
| SAML Consumer Service XSLT injection | - | CWE-91 | High |
| SAP NW DI SSRF vulnerability (CVE-2021-33690) | CVE-2021-33690 | CWE-918 | High |
| Apache Solr Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) | CVE-2021-35587 | CWE-502 | High |
| OpenCms Chemistry XML External Entity (XXE) vulnerability (CVE-2023-42344) | CVE-2023-42344 | CWE-611 | High |
| OpenCms Chemistry Solr XML External Entity (XXE) vulnerability (CVE-2023-42346) | CVE-2023-42346 | CWE-611 | High |
| Appwrite favicon SSRF (CVE-2023-27159) | CVE-2023-27159 | CWE-918 | High |
| Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization) | - | CWE-502 | High |
| VMware Horizon Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Ubiquiti Unifi Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) | CVE-2022-21445 | CWE-502 | High |
| Apache OFBiz Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| MobileIron Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Kentico CMS Deserialization RCE | CVE-2019-10068 | CWE-502 | High |
| Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 | CVE-2020-2950 | CWE-502 | High |
| DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822 | CVE-2017-9822 | CWE-502 | High |
| Auxiliary systems SSRF | - | CWE-918 | High |
| uWSGI Unauthorized Access Vulnerability | - | CWE-78 | High |
| Liferay TunnelServlet Deserialization Remote Code Execution | - | CWE-502 | High |
| Deserialization of Untrusted Data (Java Object Deserialization) | - | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO | - | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Jackson | CVE-2017-7525 | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Genson | - | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson | - | CWE-502 | High |
| JavaMelody XML External Entity (XXE) vulnerability | CVE-2018-15531 | CWE-611 | High |