
93 matches found

IBM Security Bulletins
added 2018/06/17 10:22 p.m. | 25 views

Security Bulletin: A vulnerability in Open Source BeanShell has been addressed by IBM Kenexa LMS (CVE-2016-2510)

Summary: A vulnerability in Open Source BeanShell has been addressed by LMS. Vulnerability Details: CVEID: CVE-2016-2510. DESCRIPTION: BeanShell could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data using Java serialization or XStream. ...

CVSS 8.1 | AI score 1 | EPSS 0.39216
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2018/06/16 8:0 p.m. | 26 views

Security Bulletin: Vulnerability in BeanShell affects IBM Emptoris Strategic Supply Management. (CVE-2016-2510).

Summary: A BeanShell vulnerability for handling Java object deserialization was addressed by IBM Emptoris Strategic Supply Management Platform, IBM Contract Management and IBM Program Management products. Vulnerability Details: CVEID: CVE-2016-2510. DESCRIPTION: BeanShell could allow a remote attack...

CVSS 8.1 | AI score 8.3 | EPSS 0.39216
Exploits: 1 | Affected Software: 2
OpenVAS
added 2018/06/13 12:0 a.m. | 70 views

BeanShell Remote Server Mode RCE Vulnerability (Telnet)

The BeanShell Interpreter in remote server mode is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...

AI score 8.2
Exploits: 0 | References: 2
Prion
added 2017/02/22 4:59 p.m. | 11 views

Design/Logic Flaw

OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries...

CVSS 7.5 | AI score 9.6 | EPSS 0.35327
Exploits: 5 | References: 3 | Affected Software: 1
NVD
added 2017/02/22 4:59 p.m. | 10 views

CVE-2017-5586

OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries...

CVSS 9.8 | AI score 9.7 | EPSS 0.35327
Exploits: 5 | References: 3
OSV
added 2017/02/22 4:59 p.m. | 0 views

CVE-2017-5586

OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries...

CVSS 9.8 | AI score 6 | EPSS 0.35327
Exploits: 5 | References: 3
Cvelist
added 2017/02/22 4:0 p.m. | 15 views

CVE-2017-5586

OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries...

AI score 9.7 | EPSS 0.35327
Exploits: 5 | References: 3
Exploit DB
added 2017/02/15 12:0 a.m. | 81 views

OpenText Documentum D2 - Remote Code Execution

CVE Identifier: CVE-2017-5586. Vendor: OpenText. Affected products: Documentum D2 version 4.x. Researcher: Andrey B. Panfilov. Severity Rating: CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Description: Document D2 contains vulnerable BeanShell (bsh) and Apache Commons libraries and...

CVSS 9.8 | AI score 7 | EPSS 0.35327
Exploits: 5
Packet Storm
added 2017/02/15 12:0 a.m. | 48 views

OpenText Documentum D2 4.x Remote Code Execution

CVE Identifier: CVE-2017-5586. Vendor: OpenText. Affected products: Documentum D2 version 4.x. Researcher: Andrey B. Panfilov. Severity Rating: CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Description: Document D2 contains vulnerable BeanShell (bsh) and Apache Commons libraries and...

AI score 0.1 | EPSS 0.35327
Exploits: 5
exploitpack
added 2017/02/15 12:0 a.m. | 31 views

OpenText Documentum D2 - Remote Code Execution

OpenText Documentum D2 - Remote Code Execution. CVE Identifier: CVE-2017-5586. Vendor: OpenText. Affected products: Documentum D2 version 4.x. Researcher: Andrey B. Panfilov. Severity Rating: CVSS v3 Base Score: 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Description: Document D2 contains vulnerable...

CVSS 7.5 | AI score 0.1 | EPSS 0.35327
Exploits: 5
Tenable Nessus
added 2017/01/13 12:0 a.m. | 224 views

NetIQ Sentinel Java Object Deserialization RCE

The remote Novell NetIQ Sentinel server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the BeanShell library. An unauthenticated, remote attacker can exploit this, by sending a specially crafted serialized Java object via th...

AI score 6
Exploits: 0 | References: 2
RedHat Linux
added 2016/10/06 4:18 p.m. | 96 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse 6.3 security update

Red Hat JBoss Fuse 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base...

CVSS 9.8 | AI score 7.6 | EPSS 0.94251
Exploits: 14 | References: 10
RedHat Linux
added 2016/10/06 4:18 p.m. | 4 views

bsh2: remote code execution via deserialization

A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this...

CVSS 8.1 | AI score 8.2 | EPSS 0.39216
Exploits: 1 | References: 5
Tenable Nessus
added 2016/08/01 12:0 a.m. | 41 views

GLSA-201607-17 : BeanShell: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201607-17 (BeanShell: Arbitrary code execution). An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to deserialize data from an untrusted...

CVSS 8.1 | AI score 7.5 | EPSS 0.39216
Exploits: 1 | References: 3
RedHat Linux
added 2016/06/30 9:6 p.m. | 1 views

bsh2: remote code execution via deserialization

A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this...

CVSS 8.1 | AI score 8.2 | EPSS 0.39216
Exploits: 1 | References: 5
RedHat Linux
added 2016/06/30 9:6 p.m. | 66 views

Critical: Red Hat Security Advisory: Red Hat JBoss SOA Platform security update

An update is now available for Red Hat JBoss SOA Platform 5.3.1. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 9.8 | AI score 7.6 | EPSS 0.64446
Exploits: 5 | References: 8
RedHat Linux
added 2016/05/26 7:25 p.m. | 36 views

Important: Red Hat Security Advisory: Red Hat JBoss Data Virtualization security and bug fix update

An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS 8.1 | AI score 7.6 | EPSS 0.39216
Exploits: 1 | References: 4
RedHat Linux
added 2016/05/26 7:25 p.m. | 2 views

bsh2: remote code execution via deserialization

A deserialization flaw allowing remote code execution was found in the BeanShell library. If BeanShell was on the classpath, it could permit code execution if another part of the application deserialized objects involving a specially constructed chain of classes. A remote attacker could use this...

CVSS 8.1 | AI score 8.2 | EPSS 0.39216
Exploits: 1 | References: 5
OSV
added 2016/04/07 8:59 p.m. | 1 views

DEBIAN-CVE-2016-2510

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...

CVSS 8.1 | AI score 8.2 | EPSS 0.39216
Exploits: 1 | References: 1
OSV
added 2016/04/07 8:59 p.m. | 5 views

CVE-2016-2510

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler...

CVSS 8.1 | AI score 8.4
Exploits: 0 | References: 19