High severity8.8CISA KEVNVD Advisory· Published Aug 5, 2010· Updated Apr 22, 2026

CVE-2010-1871

Description

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.

Affected products

NetApp/Oncommand Balance
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
NetApp/Oncommand Insight
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
NetApp/Oncommand Unified Manager
cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:clustered_data_ontap:*:*
Red Hat/Jboss Enterprise Application Platform
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/41994nvdBroken LinkThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2010/1929nvdBroken LinkVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/60794nvdThird Party AdvisoryVDB Entry
security.netapp.com/advisory/ntap-20161017-0001/nvdThird Party Advisory
archives.neohapsis.com/archives/bugtraq/2013-05/0117.htmlnvdBroken Link
www.redhat.com/support/errata/RHSA-2010-0564.htmlnvdBroken Link
bugzilla.redhat.com/show_bug.cginvdIssue Tracking
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000