205 matches found
Apache Commons Configuration 2.4 - 2.7 RCE Vulnerability
The Apache Commons Configuration library is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Security Bulletin: Potential vulnerability in Apache Commons Configuration affect IBM Operations Analytics - Log Analysis (CVE-2022-33980)
Summary Vulnerability in Apache Commons Configuration could allow remote attacker to execute arbitrary code on the system. This has been fixed. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the syste...
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...
GHSA-3G9Q-CMGV-G4P6 Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...
Default configuration
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...
CVE-2022-45381
Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...
CVE-2022-45381
The CVE-2022-45381 case concerns Jenkins Pipeline Utility Steps Plugin (
Security Bulletin: A vulnerability in Apache Commons Configuration affects IBM InfoSphere Information Server [CVE-2022-33980]
Summary A vulnerability in Apache Commons Configuration used by IBM InfoSphere Information Server was addressed. CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Configuration (CVE-2022-33980)
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Configuration. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when...
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.10.1 release and security update
Red Hat AMQ Broker 7.10.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults
A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...
Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Configuration [CVE-2022-33980]
Summary Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. IBM Sterling Control Center uses Apache Commons Configuration and the issue has been addressed. CVE-2022-33980 Vulnerability Details...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)
Summary IBM Sterling Connect:Direct for UNIX object storage file IO exits, and IBM Sterling Connect:Direct for UNIX components Install Agent and File Agent are vulnerable to remote code execution due to Apache Commons Configuration CVE-2022-33980. Apache Commons Configuration has been upgraded to...
Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Analytic Server [CVE-2022-33980]
Summary There is a vulnerability in the version of Apache Commons Configuration that was included in IBM SPSS Analytic Server. This vulnerability has been addressed. CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker t...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)
Summary There is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2022-33980. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons...
Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Modeler [CVE-2022-33980]
Summary There is a vulnerability in the version of Apache Commons Configuration that was included in IBM SPSS Modeler. This vulnerability has been addressed. CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execut...
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)
Summary There is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE CVE-2022-33980. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow...