Lucene search
K

265 matches found

ibm
ibm
added 2025/07/02 3:26 p.m.11 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to improper access control due to Apache Commons BeanUtils (CVE-2025-23184)

Summary Apache Commons BeanUtils is shipped with IBM Tivoli Business Service Manager as part of its backend process to handle Java Beans. Information about a security vulnerability affecting Apache Commons BeanUtils has been published in a security bulletin. Vulnerability Details...

8.8CVSS6.8AI score0.01941EPSS
Exploits1Affected Software1
redos
redos
added 2025/07/01 12:0 a.m.6 views

ROS-20250630-10

A vulnerability in the BeanIntrospector class of the Apache Commons Beanutils utility is related to the recovery of an inaccurate data structure in memory. of an invalid data structure. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality,...

7.5CVSS6.8AI score0.28839EPSS
Exploits1
nessus
nessus
added 2025/07/01 12:0 a.m.5 views

Fedora 41 : apache-commons-beanutils (2025-3eb7c0066f)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3eb7c0066f advisory. Fix improper access control vulnerability Resolves: CVE-2025-48734 Tenable has extracted the preceding description block directly from the Fedora security...

8.8CVSS6.5AI score0.01548EPSS
Exploits1References2
nessus
nessus
added 2025/07/01 12:0 a.m.4 views

Fedora 42 : apache-commons-beanutils (2025-48e8e5f8ed)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-48e8e5f8ed advisory. Fix improper access control vulnerability Resolves: CVE-2025-48734 Tenable has extracted the preceding description block directly from the Fedora security...

8.8CVSS6.5AI score0.01548EPSS
Exploits1References2
redhat
redhat
added 2025/06/30 1:16 p.m.4 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

8.8CVSS7.6AI score0.01548EPSS
Exploits1References8
osv
osv
added 2025/06/26 10:4 a.m.4 views

RHSA-2025:9696 Red Hat Security Advisory: apache-commons-beanutils security update

Bulletin has no description...

8.8CVSS6.8AI score0.01548EPSS
Exploits1References11
nessus
nessus
added 2025/06/26 12:0 a.m.6 views

SUSE SLES12 Security Update : apache-commons-beanutils (SUSE-SU-2025:02056-1)

"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02056-1 advisory. Update to 1.11.0: Fixed Bugs: - BeanComparator.compareT, T now throws IllegalArgumentException instead of RuntimeException to wrap all cases ...

9.8CVSS7AI score0.96121EPSS
Exploits22References8
nessus
nessus
added 2025/06/26 12:0 a.m.5 views

RHEL 9 : apache-commons-beanutils (RHSA-2025:9696)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:9696 advisory. The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans. Security Fixes:...

8.8CVSS6.9AI score0.01548EPSS
Exploits1References4
redhat
redhat
added 2025/06/25 7:47 p.m.4 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

8.8CVSS7.6AI score0.01548EPSS
Exploits1References8
redhat
redhat
added 2025/06/25 7:30 p.m.8 views

Important: Red Hat Security Advisory: apache-commons-beanutils security update

An update for apache-commons-beanutils is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

8.8CVSS6.7AI score0.01548EPSS
Exploits1References2
nessus
nessus
added 2025/06/25 12:0 a.m.3 views

Amazon Linux 2 : apache-commons-beanutils (ALAS-2025-2899)

The version of apache-commons-beanutils installed on the remote host is prior to 1.8.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2899 advisory. Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version...

8.8CVSS7AI score0.01548EPSS
Exploits1References4
amazon
amazon
added 2025/06/24 12:0 a.m.5 views

Important: apache-commons-beanutils

Issue Overview: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not...

8.8CVSS7.4AI score0.01548EPSS
Exploits1
redhat
redhat
added 2025/06/23 3:38 a.m.2 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

8.8CVSS7.6AI score0.01548EPSS
Exploits1References8
redhat
redhat
added 2025/06/23 3:38 a.m.6 views

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

7.5CVSS6.8AI score0.28839EPSS
Exploits1References5
openvas
openvas
added 2025/06/23 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-48e8e5f8ed)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.01548EPSS
Exploits1References3
openvas
openvas
added 2025/06/23 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2025-3eb7c0066f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.01548EPSS
Exploits1References3
fedora
fedora
added 2025/06/22 1:14 a.m.8 views

[SECURITY] Fedora 41 Update: apache-commons-beanutils-1.9.4-39.fc41

The scope of this package is to create a package of Java utility methods for accessing and modifying the properties of arbitrary JavaBeans. No dependencies outside of the JDK are required, so the use of this package is very lightweight...

8.8CVSS9AI score0.01548EPSS
Exploits1
osv
osv
added 2025/06/20 4:17 p.m.4 views

SUSE-SU-2025:02056-1 Security update for apache-commons-beanutils

This update for apache-commons-beanutils fixes the following issues: Update to 1.11.0: Fixed Bugs: + BeanComparator.compareT, T now throws IllegalArgumentException instead of RuntimeException to wrap all cases of ReflectiveOperationException. + MappedMethodReference.get now throws...

9.8CVSS8AI score0.96121EPSS
Exploits22References5
nessus
nessus
added 2025/06/19 12:0 a.m.6 views

Oracle Linux 9 : apache-commons-beanutils (ELSA-2025-9114)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-9114 advisory. Fri Jun 13 2025 Mikolaj Izdebski - Fix improper access control vulnerability - Resolves: CVE-2025-48734 Tenable has extracted the preceding description block...

8.8CVSS6.5AI score0.01548EPSS
Exploits1References2
oraclelinux
oraclelinux
added 2025/06/18 12:0 a.m.13 views

apache-commons-beanutils security update

Fri Jun 13 2025 Mikolaj Izdebski - Fix improper access control vulnerability - Resolves: CVE-2025-48734...

8.8CVSS8.8AI score0.01548EPSS
Exploits1
Rows per page
Query Builder