Lucene search
K

168 matches found

Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.3 views

PT-2024-2438 · Apache +3 · Apache Commons Configuration +3

Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration versions 2.0 through 2.10.0 Atlassian Confluence Data Center versions 7.17.0 through 8.9.0 Atlassian Confluence Server versions 7.17.0 through 8.5.8 Description: The issue is related to an out-of-bounds write...

10CVSS6.8AI score0.02054EPSS
Exploits0References56
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.35 views

Oracle Business Intelligence Enterprise Edition (OAS 6.4) (October 2023 CPU)

The version of Oracle Business Intelligence Enterprise Edition OAS 6.4.0.0.0 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product...

9.9CVSS7.5AI score0.42646EPSS
Exploits7References13
Broadcom
Broadcom
added 2023/08/29 12:0 a.m.45 views

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded.

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

9.8CVSS8.7AI score0.42646EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2023/05/03 3:54 p.m.8 views

apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults

A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...

9.8CVSS7.3AI score0.42646EPSS
Exploits3References4
Veracode
Veracode
added 2023/03/07 12:49 a.m.26 views

Arbitrary File Read

jenkins-2-plugins is vulnerable to Arbitrary File Read. The library does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons configuration library that enable the file: prefix interpolator by default, allowing attackers to configure pipelines to read...

8.1CVSS8.3AI score0.01328EPSS
Exploits0References6Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.67 views

K08006936: Apache Commons Configuration vulnerability CVE-2022-33980

Security Advisory Description Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of...

9.8CVSS8.4AI score0.42646EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.8 views

SUSE CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

8.1CVSS7.7AI score0.42646EPSS
Exploits3References3
RedHat Linux
RedHat Linux
added 2022/11/28 2:39 p.m.5 views

apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults

A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...

9.8CVSS7.3AI score0.42646EPSS
Exploits3References4
Debian
Debian
added 2022/11/28 11:38 a.m.46 views

[SECURITY] [DSA 5290-1] commons-configuration2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5290-1 [email protected] https://www.debian.org/security/ Markus Koschany November 28, 2022 https://www.debian.org/security/faq -...

9.8CVSS9.9AI score0.42646EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/28 8:55 a.m.61 views

Security Bulletin: Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights [CVE-2022-42889, CVE-2022-33980]

Summary Apache Commons Text and Apache Commons Configuration vulnerabilities affects IBM Operations Analytics Predictive Insights CVE-2022-42889, CVE-2022-33980. Apache Commons Text and Apache Commons Configuration is used by IBM Operations Analytics Predictive Insight REST Mediation Service, par...

9.8CVSS10AI score0.99931EPSS
Exploits45Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/11/28 12:0 a.m.43 views

Debian DSA-5290-1 : commons-configuration2 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5290 advisory. - Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is...

9.8CVSS8.4AI score0.42646EPSS
Exploits3References6
OpenVAS
OpenVAS
added 2022/11/25 12:0 a.m.35 views

Apache Commons Configuration 2.4 - 2.7 RCE Vulnerability

The Apache Commons Configuration library is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.8CVSS9.7AI score0.42646EPSS
Exploits3References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/18 3:8 a.m.48 views

Security Bulletin: Potential vulnerability in Apache Commons Configuration affect IBM Operations Analytics - Log Analysis (CVE-2022-33980)

Summary Vulnerability in Apache Commons Configuration could allow remote attacker to execute arbitrary code on the system. This has been fixed. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the syste...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
OSV
OSV
added 2022/11/16 12:0 p.m.28 views

GHSA-3G9Q-CMGV-G4P6 Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin

Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...

7.5CVSS8.6AI score0.01328EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/11/16 12:0 p.m.47 views

Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin

Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...

8.1CVSS8.2AI score0.01328EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/11/15 8:15 p.m.4 views

CVE-2022-45381

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

8.1CVSS5.9AI score0.01328EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 8:15 p.m.22 views

CVE-2022-45381

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

8.1CVSS0.01328EPSS
Exploits0References2
Prion
Prion
added 2022/11/15 8:15 p.m.32 views

Default configuration

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

5.5CVSS7.8AI score0.01328EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/15 12:0 a.m.331 views

CVE-2022-45381

The CVE-2022-45381 case concerns Jenkins Pipeline Utility Steps Plugin (

8.1CVSS7.7AI score0.01328EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.44 views

CVE-2022-45381

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

8.5AI score0.01328EPSS
Exploits0References2
Rows per page
Query Builder