CVE-2025-48734 Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

CVE-2025-48734 Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

PT-2025-23085

Name of the Vulnerable Software and Affected Versions Apache Commons BeanUtils versions 1.x before 1.11.0 Apache Commons BeanUtils versions 2.x before 2.0.0-M2 Description The issue is related to improper access control in Apache Commons BeanUtils, where an attacker can access the enum's class...

Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2014-0114...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for June 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF034 and 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated...

RHSA-2019:4317 Red Hat Security Advisory: rh-maven35-apache-commons-beanutils security update

Bulletin has no description...

RHSA-2020:0194 Red Hat Security Advisory: apache-commons-beanutils security update

Bulletin has no description...

RHSA-2020:0057 Red Hat Security Advisory: rh-java-common-apache-commons-beanutils security update

Bulletin has no description...

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

OPENSUSE-SU-2024:10617-1 apache-commons-beanutils-1.9.4-3.7 on GA media

These are all security issues fixed in the apache-commons-beanutils-1.9.4-3.7 package on the GA media of openSUSE Tumbleweed...

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Beanutils

Summary Multiple vulnerabilities have been identified in Apache Commons Beanutils, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2019-10086 DESCRIPTION: Apache...

RHEL 5 : apache-commons-beanutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default CVE-2019-10086 Not...

RHEL 6 : apache-commons-beanutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default CVE-2019-10086 Not...

GLSA-202405-21 : Commons-BeanUtils: Improper Access Restriction

The remote host is affected by the vulnerability described in GLSA-202405-21 Commons-BeanUtils: Improper Access Restriction - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class...

RHEL 7 : rh-maven35-apache-commons-beanutils (RHSA-2019:4317)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4317 advisory. The rh-maven35-apache-commons-beanutils package provides Java utility methods for accessing and modifying properties of arbitrary JavaBeans. Security...

Security Bulletin: B2B API of IBM Sterling B2B Integrator vulnerable to remote code execution due to Apache Commons BeanUtils (CVE-2014-0114)

Summary IBM Sterling B2B Integrator uses Apache Commons BeanUtils. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2014-0114 DESCRIPTION: Apache Commons BeanUtils, as distributed in lib/commons-beanutils in Apache Struts could allow a...

Fedora: Security Advisory for apache-commons-beanutils (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: apache-commons-beanutils-1.9.4-19.fc40

The scope of this package is to create a package of Java utility methods for accessing and modifying the properties of arbitrary JavaBeans. No dependencies outside of the JDK are required, so the use of this package is very lightweight...