USN-8322-1 commons-beanutils vulnerability

It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass property of Java enum objects when handling externally supplied property paths. An attacker could possibly use this issue to execute arbitrary code...

SUSE CVE-2025-48734

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

ROOT-APP-MAVEN-CVE-2019-10086 CVE-2019-10086 in io.root.commons-beanutils:commons-beanutils - Patched by Root

Root has patched CVE-2019-10086 in the io.root.commons-beanutils:commons-beanutils package for Root:Maven. Multiple fixed versions available...

Improper Authorization commons-beanutils:commons-beanutils Dependency in Jira Service Management Data Center

This High severity Improper Authorization vulnerability was introduced in versions 5.12.1, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Service Management Data Center. This Improper Authorization vulnerability, with a CVSS Score of 8.8 and a...

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the...

Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow (traditional and containers) March 2026

Summary In addition to updating many operating system level packages on container images, IBM Business Automation Workflow fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...

Exploit for Missing Authorization in Scshr Hr_Portal

CVE-2025-48734: Apache Commons BeanUtils – enum declaredClass...

Security Bulletin: IBM Event Streams is vulnerable to improper access control

Summary IBM Event Streams is vulnerable to improper access control leading to potential classloader access in Apache Commons BeanUtils CVE-2025-48734 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class w...

RCE (Remote Code Execution) commons-beanutils Dependency in Crowd Data Center and Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H allows an authenticated attacker to...

GLSA-202601-05 : Commons-BeanUtils: Arbitary Code Execution

The remote host is affected by the vulnerability described in GLSA-202601-05 Commons-BeanUtils: Arbitary Code Execution Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding descripti...

Commons-BeanUtils: Arbitary Code Execution

Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Impact A special BeanIntrospector class was added in...

Security Bulletin: Multiple vulnerabilities in IBM Disconnected Log Collector

Summary Multiple vulnerabilities were addressed in IBM Disconnected Log Collector version 2.0.0. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...

Security Bulletin: IBM Jazz Reporting Service is affected by improper access control due to Apache Commons

Summary Apache Commons is used internally by IBM Jazz Reporting Service CVE-2025-48734 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers...

TencentOS Server 2: apache-commons-beanutils (TSSA-2025:0654)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0654 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 4: apache-commons-beanutils (TSSA-2025:0562)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0562 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Mageia: Security Advisory (MGASA-2025-0299)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2025-0299 Updated apache-commons-beanutils packages fix security vulnerability

Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default. CVE-2025-48734...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to improper access control [CVE-2025-48734]

Summary Apache Commons Beanutils is used by IBM App Connect Enterprise Certified Container when using MQ FTE. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands that run flows that use MQ FTE are vulnerable to improper access contro...

Security Bulletin: vulerability in IBM Spectrum Symphony with Apache Commons

Summary vulerability in IBM Spectrum Symphony with Apache Commons Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declare...

Security Bulletin: JAVA related vulnerabilities in IBM SP Enterprise Resource Planning (ERP) effected the ERP product dependency with BA client code.

Summary IBM Storage Protect Enterprise Resource Planning can be affected by security flaws mentioned in CVE-2025-48734. : using the "commons-beanutils-1.8.3.jar" can allow the attacker can get control on the declared class property of Java enum objects to get access to the classloader...