CVE-2019-20635

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.
Unsafe Reflection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
intlandcodebeamer
𝑥
≤ 9.4.0
intlandcodebeamer
9.5.0:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://codebeamer.com/cb/wiki/7372223
https://codebeamer.com/cb/wiki/7372223