264 matches found
Oracle WebCenter Portal Multiple Vulnerabilities (Jan 2021 CPU)
The version of Oracle WebCenter Portal installed on the remote host is missing a security patch from the January 2021 Critical Patch Update (CPU). It is, therefore, affected by the following vulnerabilities: - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware...
Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Jan 2021 CPU)
MySQL Enterprise Monitor installed on the remote host is 8.0.x prior to 8.0.23. Therefore, it's affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Service Manager Apache Commons...
Security Bulletin: Security vulnerabilities are identified in WebSphere Application Server where Rational Asset Manager is deployed (CVE-2019-10086 and CVE-2020-4329)
Summary In the WebSphere Application Server (WAS) admin console where the Rational Asset Manager (RAM) is deployed, vulnerabilities such as allowing a remote attacker to access the classloader through class property, and an authenticated attacker obtaining sensitive information caused by improper...
NewStart CGSL CORE 5.05 / MAIN 5.05 : apache-commons-beanutils Vulnerability (NS-SA-2020-0100)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has apache-commons-beanutils packages installed that are affected by a vulnerability: - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to acces...
Security Bulletin: Vulnerabilities in IBM Db2 and IBM Java Runtime affect IBM Spectrum Protect Server
Summary Multiple vulnerabilities in IBM Db2 and IBM Runtime Environment Java affect the IBM Spectrum Protect Server. The Java vulnerabilities were disclosed as part of the IBM Java SDK updates in January, April, and July 2020. Vulnerability Details CVEID: CVE-2019-9512 DESCRIPTION: Multiple vendo...
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.17 / 9.0.x < 9.0.5.2 Beanutils Vulnerability (CVE-2019-10086)
The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through 8.0.0.15, 8.5.0.x prior to 8.5.5.17, or 9.0.x prior to 9.0.5.2. It is, therefore, affected by a vulnerability in the Apache Commons Beanutils subcomponent. An unauthenticated, remo...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is shipped with or required product for IBM Tivoli Netcool Configuration Manager (CVE-2019-10086)
Summary IBM WebSphere Application Server is shipped with or is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.1 and 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability...
Security Bulletin: A security vulnerability has been identified in embedded IBM WebSphere Application Server, which is shipped with or required for IBM Tivoli Network Manager (CVE-2019-10086)
Summary IBM WebSphere Application Server is shipped with or required for IBM Tivoli Network Manager version 3.9, 4.1.1 and 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the...
Security Bulletin: IBM Security Guardium is affected by an Apache commons beanutils 1.9.2 library vulnerability
Summary IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID: CVE-2019-10086 DESCRIPTION: Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppress the class property in bean introspection by...
Security Bulletin: Atlas eDiscovery Process Management (6.0.1.x and 6.0.2.x versions) is affected by a vulnerable Apache Commons Beanutils in WebSphere Application Server
Abstract This Fix Readme includes instructions for upgrading the Apache Commons Beanutils jar to v1.9.4 for Atlas eDiscovery Process Management 6.0.1.x and 6.0.2.x versions Content PSIRT details: PRID: PVR0203016, Advisory ADV0020809 - Apache Commons Beanutils Vulnerability CVEID: CVE-2019-10086 CV...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2014-0114, CVE-2019-10086)
Summary WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in t...
Security Bulletin: IBM Tivoli Common Reporting: TCR, a part of IBM Jazz for Service Management (JazzSM) is vulnerable to Apache Commons Beanutils (CVE-2019-10086)
Summary There is a vulnerability in Apache Commons Beanutils that is used by WebSphere Application Server. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- Tivo...
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...
Security Bulletin: Content Collector for Email is affected by a embedded WebSphere Application Server is vulnerable to Apache Commons beanutils
Summary Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppress the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader...
Important: Red Hat Security Advisory: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...
apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default
A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...
Important: Red Hat Security Advisory: Red Hat Fuse 7.7.0 release and security update
A minor version update from 7.6 to 7.7 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a validation vulnerability (CVE-2019-10086)
Summary IBM Financial Transaction Manager for Corporate Payment Services (FTM CPS) for Multi-Platform has addressed the following vulnerability. A potential vulnerability in the Apache Commons Beanutils module could allow unauthorized access to the classloader. Vulnerability Details CVEID:...
RHEL 7 : candlepin and satellite (RHSA-2020:2740)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2740 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide...