CVE-2019-20635

EUVD-2019-11174
codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.
Unsafe Reflection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
intlandcodebeamer
𝑥
≤ 9.4.0
intlandcodebeamer
9.5.0:rc2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://codebeamer.com/cb/wiki/7372223
https://codebeamer.com/cb/wiki/7372223