Published: 2019/02/05  Last Updated: 2019/02/05

Information from D-CIRCLE inc.

Vulnerability ID:JVN#63860183
Title:POWER EGG vulnerability where EL expression may be executed
Status:Vulnerable

This is a statement from the vendor itself with no modification by JPCERT/CC.

Product name and version corresponding to the vulnerability

POWER EGG 2.0 Ver 2.0.1
POWER EGG 2.0 Ver 2.02 Patch 3 or earlier
POWER EGG 2.0 Ver 2.1 Patch 4 or earlier
POWER EGG 2.0 Ver 2.2 Patch 7 or earlier
POWER EGG 2.0 Ver 2.3 Patch 9 or earlier
POWER EGG 2.0 Ver 2.4 Patch 13 or earlier
POWER EGG 2.0 Ver 2.5 Patch 12 or earlier
POWER EGG 2.0 Ver 2.6 Patch 8 or earlier
POWER EGG 2.0 Ver 2.7 Patch 6 or earlier
POWER EGG 2.0 Ver 2.7 Government Edition Patch 7 or earlier
POWER EGG 2.0 Ver 2.8 Patch 6 or earlier
POWER EGG 2.0 Ver 2.8c Patch 5 or earlier
POWER EGG 2.0 Ver 2.9 Patch 4 or earlier

This vulnerability does not exist in POWER EGG 2.0 Ver 2.10c, Ver 2.11c, POWER EGG 3.0.