Lucene search
K

326 matches found

vulnersOsv
vulnersOsv
added 2025/05/28 3:34 p.m.7 views

com.github.hazendaz:displaytag (>=2.8.0 <=3.3.0), com.github.hazendaz:displaytag-examples (>=2.8.0 <=3.3.0) +8 more potentially affected by CVE-2025-48734 via org.apache.commons:commons-beanutils2 (=2.0.0-M1)

org.apache.commons:commons-beanutils2 MAVEN version =2.0.0-M1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.commons:commons-beanutils2 and may be impacted: - com.github.hazendaz:displaytag =2.8.0, =2.8.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0,...

8.8CVSS6.7AI score0.01548EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/05/28 1:32 p.m.25 views

CVE-2025-48734 Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

7.7AI score0.01548EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/28 1:32 p.m.480 views

CVE-2025-48734 Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

0.01548EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/28 12:0 a.m.6 views

PT-2025-23085

Name of the Vulnerable Software and Affected Versions Apache Commons BeanUtils versions 1.x before 1.11.0 Apache Commons BeanUtils versions 2.x before 2.0.0-M2 Description The issue is related to improper access control in Apache Commons BeanUtils, where an attacker can access the enum's class...

9CVSS7AI score0.01548EPSS
Exploits1References431
GithubExploit
GithubExploit
added 2025/04/18 11:3 a.m.416 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813-vulhub POC script for the vulhub environment of...

9.8CVSS7.4AI score0.99945EPSS
Exploits46
IBM Security Bulletins
IBM Security Bulletins
added 2025/04/15 2:37 a.m.69 views

Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2014-0114...

9.8CVSS9.9AI score0.96121EPSS
Exploits6Affected Software1
RedHat Linux
RedHat Linux
added 2025/04/01 1:12 p.m.4 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

8.8CVSS7.6AI score0.01548EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2025/04/01 1:6 p.m.4 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

8.8CVSS7.6AI score0.01548EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/29 9:9 p.m.61 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for June 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF034 and 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated...

8.1CVSS9.6AI score0.99999EPSS
Exploits23Affected Software2
OSV
OSV
added 2024/09/20 1:55 p.m.17 views

RHSA-2019:4317 Red Hat Security Advisory: rh-maven35-apache-commons-beanutils security update

Bulletin has no description...

7.3CVSS7.7AI score0.28839EPSS
Exploits1References8
OSV
OSV
added 2024/09/20 1:55 p.m.24 views

RHSA-2020:0194 Red Hat Security Advisory: apache-commons-beanutils security update

Bulletin has no description...

7.3CVSS7.7AI score0.28839EPSS
Exploits1References8
OSV
OSV
added 2024/09/20 1:55 p.m.15 views

RHSA-2020:0057 Red Hat Security Advisory: rh-java-common-apache-commons-beanutils security update

Bulletin has no description...

7.3CVSS7.7AI score0.28839EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2024/08/26 11:5 a.m.5 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
OSV
OSV
added 2024/06/15 12:0 a.m.13 views

OPENSUSE-SU-2024:10617-1 apache-commons-beanutils-1.9.4-3.7 on GA media

These are all security issues fixed in the apache-commons-beanutils-1.9.4-3.7 package on the GA media of openSUSE Tumbleweed...

9.8CVSS7.8AI score0.96121EPSS
Exploits22References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/05 7:6 a.m.31 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Beanutils

Summary Multiple vulnerabilities have been identified in Apache Commons Beanutils, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2019-10086 DESCRIPTION: Apache...

7.5CVSS9AI score0.96121EPSS
Exploits5Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.34 views

RHEL 6 : apache-commons-beanutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default CVE-2019-10086 Not...

7.3AI score0.28839EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.18 views

RHEL 5 : apache-commons-beanutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default CVE-2019-10086 Not...

7.3AI score0.28839EPSS
Exploits1References1
Gentoo Linux
Gentoo Linux
added 2024/05/08 12:0 a.m.39 views

Commons-BeanUtils: Improper Access Restriction

Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description A vulnerability has been discovered in Commons-BeanUtils. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details...

7.5CVSS7.3AI score0.28839EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/05/08 12:0 a.m.37 views

GLSA-202405-21 : Commons-BeanUtils: Improper Access Restriction

The remote host is affected by the vulnerability described in GLSA-202405-21 Commons-BeanUtils: Improper Access Restriction - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class...

7.5CVSS6.6AI score0.28839EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.11 views

RHEL 7 : rh-maven35-apache-commons-beanutils (RHSA-2019:4317)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4317 advisory. The rh-maven35-apache-commons-beanutils package provides Java utility methods for accessing and modifying properties of arbitrary JavaBeans. Security...

7.5CVSS6.9AI score0.28839EPSS
Exploits1References4
Rows per page
Query Builder