Findings

Here we list the vulnerabilities we have found so far, with references.

Critical Severity

| Software | Version | Impact | CVE | Reference |
|---|---|---|---|---|
| Moodle | 3.11.2 | Admin Session Hijack | CVE-2021-40691 | Release Notes |
| Moodle | 3.11.1 | Remote Code Execution | CVE-2021-36394 | Release Notes |
| ILIAS | 6.8 | Command Injection | CVE-2021-xxxxx | Release Notes |
| Apache Tapestry | 5.7.0 | Unauthenticated RCE | CVE-2021-27850 | ReadMe |
| ManageEngine OpManager | < 12.5.233 | Unauthenticated RCE | CVE-2020-28653 | ReadMe |
| OpenNMS | 25.2.1 | Hibernate Injection | CVE-2020-11886 | ReadMe |
| dotCMS | <= 5.1.5 | CSRF to RCE | CVE-2019-12872 | SonarSource Blog |
| Netflix Genie | 4.0.0 | RCE | - | - |
| LogicalDOC | 8.2.3 | Hibernate Injection | - | SonarSource Blog |
| Moodle | 3.5.1 | Object Injection to RCE | CVE-2018-14630 | SEC Consult Advisory |
| ILIAS | 5.3.10 | Object Injection to RCE | CVE-2018-25003 | GitHub Commit |

High Severity

| Software | Version | Impact | CVE | Reference |
|---|---|---|---|---|
| Coming Soon | ? | ? | CVE-2021-27098 | NVD Details |
| OX App Suite | <= 7.10.3 | Denial of Service | CVE-2020-8543 | - |
| OX App Suite | <= 7.10.3 | Denial of Service | CVE-2020-12645 | - |
| LogicalDOC | 8.2 | Path Traversal | CVE-2019-9723 | RIPS Blog |

Medium Severity

| Software | Version | Impact | CVE | Reference |
|---|---|---|---|---|
| Coming Soon | ? | ? | CVE-2021-27099 | NVD Details |
| OX App Suite | <= 7.10.3 | SSRF | CVE-2020-12644 | - |