CVE-2016-0710
Apache Jetspeed vulnerable to SQL Injection
CVSS 3.1: 8.8 (HIGH)
EPSS: 78.0%
Description
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
How to fix CVE-2016-0710
To remediate CVE-2016-0710, upgrade the affected package to a fixed version below.
- Maven/org.apache.portals.jetspeed-2:jetspeed: upgrade to 2.3.1 or later
Is CVE-2016-0710 being exploited?
Likely — EPSS is 78.0%, placing CVE-2016-0710 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- Maven/org.apache.portals.jetspeed-2:jetspeed: from 0, < 2.3.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |