Lucene search
+L

168 matches found

Cvelist
Cvelist
added 2022/11/15 12:0 a.m.47 views

CVE-2022-45381

Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not restrict the set of enabled prefix interpolators and bundles versions of Apache Commons Configuration library that enable the 'file:' prefix interpolator by default, allowing attackers able to configure Pipelines to read arbitrary...

8.5AI score0.01328EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/14 10:43 p.m.46 views

Security Bulletin: A vulnerability in Apache Commons Configuration affects IBM InfoSphere Information Server [CVE-2022-33980]

Summary A vulnerability in Apache Commons Configuration used by IBM InfoSphere Information Server was addressed. CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/13 10:19 p.m.39 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Configuration (CVE-2022-33980)

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Configuration. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2022/10/12 7:56 a.m.60 views

Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.10.1 release and security update

Red Hat AMQ Broker 7.10.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS7AI score0.42646EPSS
Exploits4References7
RedHat Linux
RedHat Linux
added 2022/10/12 7:56 a.m.6 views

apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults

A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...

9.8CVSS7.3AI score0.42646EPSS
Exploits3References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/16 1:39 p.m.52 views

Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Configuration [CVE-2022-33980]

Summary Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. IBM Sterling Control Center uses Apache Commons Configuration and the issue has been addressed. CVE-2022-33980 Vulnerability Details...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/06 4:47 p.m.42 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)

Summary IBM Sterling Connect:Direct for UNIX object storage file IO exits, and IBM Sterling Connect:Direct for UNIX components Install Agent and File Agent are vulnerable to remote code execution due to Apache Commons Configuration CVE-2022-33980. Apache Commons Configuration has been upgraded to...

9.8CVSS9.8AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/06 4:14 p.m.48 views

Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Analytic Server [CVE-2022-33980]

Summary There is a vulnerability in the version of Apache Commons Configuration that was included in IBM SPSS Analytic Server. This vulnerability has been addressed. CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker t...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/16 9:11 a.m.68 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)

Summary There is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE CVE-2022-33980. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons...

9.8CVSS9.5AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/15 2:13 a.m.138 views

Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Modeler [CVE-2022-33980]

Summary There is a vulnerability in the version of Apache Commons Configuration that was included in IBM SPSS Modeler. This vulnerability has been addressed. CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execut...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/11 8:32 a.m.126 views

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)

Summary There is a vulnerability in Apache Commons Configuration used by IBM Sterling Connect:Direct File Agent. IBM Sterling Connect:Direct File Agent has addressed the applicable CVE CVE-2022-33980. Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow...

9.8CVSS9.6AI score0.42646EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/25 7:50 a.m.79 views

Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework and Apache Commons(CVE-2022-22970,CVE-2022-22971,CVE-2022-33980)

Summary IBM Common Licensing is vulnerable to a remote code execution in Spring Framework CVE-2022-22970,CVE-2022-22971 as it does have Spring Framework versions 5.3.0 to 5.3.20, 5.2.0 to 5.2.22, and older versions. IBM Common Licensing is vulnerable to a remote code execution in Apache Commons...

9.8CVSS8.9AI score0.42646EPSS
Exploits4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/07/11 12:0 a.m.11 views

The vulnerability of the Apache Commons Configuration library, related to improper code generation management, allows attackers to execute arbitrary code.

The vulnerability of the Apache Commons Configuration library is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted script, DNS, and URL requests...

7.1CVSS7.6AI score0.42646EPSS
Exploits3References4Affected Software3
RedhatCVE
RedhatCVE
added 2022/07/07 8:15 p.m.55 views

CVE-2022-33980

A flaw was found in Apache Commons Configuration's variable interpolation, which by default included several lookup actions that could permit script invocation on remote servers. This issue could allow an attacker to use one of these actions to send a request to execute arbitrary code on the serv...

7.5CVSS6.8AI score0.42646EPSS
Exploits3References3
vulnersOsv
vulnersOsv
added 2022/07/07 12:0 a.m.5 views

br.com.ideotech:draw-out-spring-boot-aop (>=1.5.19-1.RELEASE <=1.5.19.RELEASE), br.com.ideotech:draw-out-spring-boot-lib (>=1.5.19-1.RELEASE <=1.5.19.RELEASE) +1769 more potentially affected by CVE-2022-33980 via org.apache.commons:commons-configuration2 (>=2.4 <=2.7)

org.apache.commons:commons-configuration2 MAVEN version =2.4, =1.5.19-1.RELEASE, =1.5.19-1.RELEASE, =1.5.19-1.RELEASE, =1.5.0, =1.9.17-0, =1.0.0-2024, =1.0.0-2024, =1.0.0-2024, =1.0.0, =1.0.1-2024, =3.5.0-jdk17-1.0.0, =3.5.0-jdk17-2.0.0 and more Source cves: CVE-2022-33980 Source advisory:...

9.8CVSS7AI score0.42646EPSS
Exploits3
Github Security Blog
Github Security Blog
added 2022/07/07 12:0 a.m.63 views

Code injection in Apache Commons Configuration

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

9.8CVSS9.7AI score0.42646EPSS
Exploits3References10Affected Software1
OSV
OSV
added 2022/07/07 12:0 a.m.92 views

GHSA-XJ57-8QJ4-C4M6 Code injection in Apache Commons Configuration

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

9.8CVSS9AI score0.42646EPSS
Exploits3References10
NVD
NVD
added 2022/07/06 1:15 p.m.24 views

CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

9.8CVSS0.42646EPSS
Exploits3References5
OSV
OSV
added 2022/07/06 1:15 p.m.3 views

DEBIAN-CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

9.8CVSS8.3AI score0.42646EPSS
Exploits3References1
UbuntuCve
UbuntuCve
added 2022/07/06 1:15 p.m.47 views

CVE-2022-33980

Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the...

9.8CVSS7.5AI score0.42646EPSS
Exploits3References2
Rows per page
Query Builder