264 matches found
CVE-2019-10086
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean...
PT-2019-4682 · Apache +6 · Apache Commons Beanutils +6
Name of the Vulnerable Software and Affected Versions: Apache Commons Beanutils versions prior to 1.9.2. Description: The issue is related to the BeanIntrospector class in Apache Commons Beanutils, which can lead to the restoration of untrusted data structures in memory. This can allow a remote...
Apache Commons Beanutils Code Issue Vulnerability
Apache Commons Beanutils is a package from the Apache Software Foundation (United States) that provides tools to manipulate JavaBeans. A code issue vulnerability exists in Apache Commons Beanutils version 1.9.2, which can be exploited by an attacker to execute arbitrary code/commands...
Apache Commons Beanutils CVE-2019-10086 Remote Security Vulnerability
Description: Apache Commons Beanutils is prone to a remote security vulnerability. An attacker can leverage this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. Apache Commons Beanutils 1.9.2 and 1.9.3 are vulnerable. Technologies Affected...
Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache Commons BeanUtils (CVE-2014-0114)
Summary: IBM Content Navigator has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2014-0114. DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attack...
HP UCMDB Server BeanUtils Java Deserialization RCE
The HP Universal Configuration Management Database (UCMDB) Server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons BeanUtils library. An unauthenticated, remote attacker can exploit...
Code injection
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows low...
CVE-2017-3503
CVE-2017-3503 is a vulnerability in the Oracle Primavera P6 Enterprise Project Portfolio Management (P6 EPPM) Web Access component (Apache Commons BeanUtils). Affected versions: 8.3, 8.4, 15.1, 15.2, 16.1, and 16.2. The description indicates an easily exploitable issue where a low-privileged atta...
CVE-2017-3503
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows low...
Oracle Primavera Products Remote Vulnerability
Oracle Primavera Products Suite is a suite of project portfolio management solutions from Oracle Corporation. Primavera P6 Enterprise Project Portfolio Management (P6 EPPM) is one of the components used for project planning, management and execution. Primavera P6 Enterprise Project Portfolio...
GLSA-201607-09 : Commons-BeanUtils: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201607-09 (Commons-BeanUtils: Arbitrary code execution). Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader. Impact: Remote attackers could potentially execute arbitra...
Oracle Enterprise Data Quality Multiple Vulnerabilities (October 2014 CPU)
The version of Oracle Enterprise Data Quality running on the remote host is affected by multiple vulnerabilities: - A flaw in Apache Commons BeanUtils allows a remote attacker to execute arbitrary code by manipulating the ClassLoader (CVE-2014-0114). - A flaw in Apache Tomcat allows a remote...
Oracle Identity Manager (October 2014 CPU)
The remote host is missing the October 2014 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by multiple vulnerabilities: - The application is affected by a vulnerability in Apache Commons BeanUtils in which ClassLoader objects can be set via the class attribute of a...
Apache commons-beanutils code execution
ActionForm class parameter unrestricted access...
CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
Code injection
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...