An issue exists in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
determine contract lifecycle management 5.4 |