Lucene search
K

205 matches found

OpenVAS
OpenVAS
added 2022/11/25 12:0 a.m.35 views

Apache Commons Configuration 2.4 - 2.7 RCE Vulnerability

The Apache Commons Configuration library is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.8CVSS9.7AI score0.42646EPSS
Exploits3References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/18 3:8 a.m.48 views

Security Bulletin: Potential vulnerability in Apache Commons Configuration affect IBM Operations Analytics - Log Analysis (CVE-2022-33980)

Summary Vulnerability in Apache Commons Configuration could allow remote attacker to execute arbitrary code on the system. This has been fixed. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the syste...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/16 12:0 p.m.46 views

Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin

Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...

8.1CVSS8.2AI score0.01328EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/11/16 12:0 p.m.28 views

GHSA-3G9Q-CMGV-G4P6 Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin

Pipeline Utility Steps Plugin implements a readProperties Pipeline step that supports interpolation of variables using the Apache Commons Configuration library. Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of this...

7.5CVSS8.6AI score0.01328EPSS
Exploits0References5
OSV
OSV
added 2022/11/15 8:15 p.m.3 views

CVE-2022-45381

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

8.1CVSS5.9AI score0.01328EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 8:15 p.m.21 views

CVE-2022-45381

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

8.1CVSS0.01328EPSS
Exploits0References2
Prion
Prion
added 2022/11/15 8:15 p.m.31 views

Default configuration

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

5.5CVSS7.8AI score0.01328EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.42 views

CVE-2022-45381

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

8.5AI score0.01328EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.9 views

CVE-2022-45381

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

7AI score0.01328EPSS
Exploits0References2
CVE
CVE
added 2022/11/15 12:0 a.m.331 views

CVE-2022-45381

The CVE-2022-45381 case concerns Jenkins Pipeline Utility Steps Plugin (

8.1CVSS7.7AI score0.01328EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/14 10:43 p.m.46 views

Security Bulletin: A vulnerability in Apache Commons Configuration affects IBM InfoSphere Information Server [CVE-2022-33980]

Summary A vulnerability in Apache Commons Configuration used by IBM InfoSphere Information Server was addressed. CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/13 10:19 p.m.39 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Configuration (CVE-2022-33980)

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Configuration. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2022/10/12 7:56 a.m.58 views

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.10.1 release and security update

Red Hat AMQ Broker 7.10.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS7AI score0.42646EPSS
Exploits4References7
RedHat Linux
RedHat Linux
added 2022/10/12 7:56 a.m.4 views

apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults

A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...

9.8CVSS7.3AI score0.42646EPSS
Exploits3References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/16 1:39 p.m.51 views

Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Configuration [CVE-2022-33980]

Summary Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. IBM Sterling Control Center uses Apache Commons Configuration and the issue has been addressed. CVE-2022-33980 Vulnerability Details...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/06 4:47 p.m.40 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)

Summary IBM Sterling Connect:Direct for UNIX object storage file IO exits, and IBM Sterling Connect:Direct for UNIX components Install Agent and File Agent are vulnerable to remote code execution due to Apache Commons Configuration CVE-2022-33980. Apache Commons Configuration has been upgraded to...

9.8CVSS9.8AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/06 4:14 p.m.47 views

Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Analytic Server [CVE-2022-33980]

Summary There is a vulnerability in the version of Apache Commons Configuration that was included in IBM SPSS Analytic Server. This vulnerability has been addressed. CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker t...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/16 9:11 a.m.68 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)

Summary There is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2022-33980. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons...

9.8CVSS9.5AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/15 2:13 a.m.137 views

Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Modeler [CVE-2022-33980]

Summary There is a vulnerability in the version of Apache Commons Configuration that was included in IBM SPSS Modeler. This vulnerability has been addressed. CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execut...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/11 8:32 a.m.125 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)

Summary There is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE CVE-2022-33980. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
Rows per page
Query Builder