Acumonitor
This page lists 136 vulnerabilities in this category.
Critical: 17, High: 101, Medium: 17, Low: 1
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Jboss Application Server HTTPServerILServlet.java remote code execution | CVE-2017-7504 | CWE-502 | High |
| JBoss InvokerTransformer Remote Code Execution | CVE-2015-7501 | CWE-502 | High |
| ColdFusion JNDI injection RCE | CVE-2018-15957 | CWE-502 | High |
| ColdFusion AMF Deserialization RCE | CVE-2017-3066 | CWE-502 | High |
| Flex BlazeDS AMF Deserialization RCE | CVE-2017-5641 | CWE-502 | High |
| Atlassian OAuth Plugin IconUriServlet SSRF | CVE-2017-9506 | CWE-918 | High |
| Data Binding Expression Vulnerability in Spring Web Flow | CVE-2017-4971 | CWE-78 | High |
| Apache Shiro Deserialization RCE | CVE-2016-4437 | CWE-78 | High |
| Apache Struts2 Remote Command Execution (S2-052) | CVE-2017-9805 | CWE-94 | High |
| XML external entity injection (variant) | - | CWE-611 | High |
| XML external entity injection via File Upload | - | CWE-611 | High |
| XML External Entity Injection via external file | - | CWE-611 | High |
| XML external entity injection | - | CWE-611 | High |
| Ext JS arbitrary file read | - | CWE-22 | High |
| Zend Framework local file disclosure via XXE injection | CVE-2015-5161 | CWE-611 | High |
| XSLT injection | - | CWE-91 | High |
| Oracle Reports rwservlet vulnerabilities | CVE-2012-3153 | CWE-20 | High |
| ImageMagick remote code execution | CVE-2016-3714 | CWE-78 | High |
| Email Header Injection | - | CWE-20 | High |
| Edge Side Include injection | - | CWE-918 | High |
| Reverse proxy misrouting | - | CWE-918 | High |
| Paperclip gem SSRF (Server side request forgery) | CVE-2017-0889 | CWE-918 | High |
| IBM WebSphere RCE Java Deserialization Vulnerability | CVE-2015-7450 | CWE-502 | High |
| ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 | CVE-2019-7091 | CWE-502 | High |
| Remote code execution in bootstrap-sass 3.2.0.3 | CVE-2019-10842 | CWE-95 | High |
| Apache Solr Deserialization of untrusted data via jmx.serviceUrl | CVE-2019-0192 | - | High |
| Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 | CVE-2019-2725 | CWE-94 | High |
| Oracle Weblogic T3 XXE (CVE-2019-2888) | CVE-2019-2888 | CWE-611 | High |
| Oracle Weblogic T3 XXE (CVE-2019-2647) | CVE-2019-2647 | CWE-611 | High |
| Apache REST RCE CVE-2018-11770 | CVE-2018-11770 | CWE-94 | High |
| SAP Hybris Deserialization RCE | CVE-2019-0344 | CWE-502 | High |
| OpenCms Solr XML External Entity (XXE) vulnerability | - | CWE-611 | High |
| Oracle Business Intelligence ReportTemplateService XXE (CVE-2021-2400) | CVE-2021-2400 | CWE-611 | High |
| Oracle Business Intelligence ReportTemplateService XXE CVE-2019-2616 | CVE-2019-2616 | CWE-611 | High |
| Oracle Weblogic WLS-WSAT Component Deserialization RCE | CVE-2017-10271 | CWE-94 | High |
| Oracle Business Intelligence Convert XXE CVE-2019-2767 | CVE-2019-2767 | CWE-611 | High |
| Unvalidated JWT x5u parameter | - | CWE-287 | High |
| Oracle WebLogic Remote Code Execution via T3 | CVE-2018-3245 | CWE-502 | High |
| Adobe Experience Manager Misconfiguration | CVE-2016-0957 | CWE-693 | High |
| Jira Unauthorized SSRF via REST API | CVE-2019-8451 | CWE-918 | High |
| RCE with Spring Data Commons | CVE-2018-1273 | CWE-94 | High |
| Xdebug remote code execution via xdebug.remote_connect_back | - | CWE-200 | High |
| Argument Injection | - | CWE-88 | High |
| SOAP WS-Addressing SSRF | - | CWE-918 | Medium |
| Sonicwall SMA 100 Unintended proxy (CVE-2021-20042) | CVE-2021-20042 | CWE-441 | Medium |
| Hasura GraphQL API without authentication | - | CWE-200 | Medium |
| Reverse proxy bypass | CVE-2011-3368 | CWE-20 | Medium |
| Next.js image Blind SSRF | - | CWE-918 | Medium |
| imgproxy SSRF (CVE-2023-30019) | CVE-2023-30019 | CWE-918 | Medium |
| Keycloak request_uri SSRF (CVE-2020-10770) | CVE-2020-10770 | CWE-918 | Medium |
| Apache Solr SSRF CVE-2017-3164 | CVE-2017-3164 | CWE-918 | Medium |
| Liferay XMLRPC Blind SSRF | - | CWE-918 | Medium |
| Oracle E-Business Suite SSRF (CVE-2018-3167) | CVE-2018-3167 | CWE-918 | Medium |
| Apache Solr Parameter Injection | - | CWE-88 | Medium |
| Httpoxy vulnerability | - | CWE-16 | Medium |
| Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF) | - | CWE-918 | Medium |
| Gitlab CI Lint SSRF | - | CWE-918 | Medium |
| XXE in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-22024) | CVE-2024-22024 | CWE-112 | Medium |
| SAML Consumer Service External Dereference SSRF | - | CWE-918 | Medium |
| SAP BO BIP SSRF (CVE-2020-6308) | CVE-2020-6308 | CWE-918 | Medium |
| Oracle Reports Services RWServlet environment variables disclosure | - | CWE-200 | Low |