commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...
commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang
An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...
OESA-2025-1941 apache-commons-vfs security update
Commons VFS provides a uniform view of files through a single API which is designed for accessing various different file systems. These file systems could be a local disk, an HTTP server or a ZIP archive file. The key features are listed as follows: The API is consistent among various file types...
OESA-2025-1929 apache-commons-lang3 security update
The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. Lang provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical methods, object reflection...
Security Bulletin: IBM QRadar SIEM is affected by cross-site scripting and denial of service (CVE-2025-33118, CVE-2011-5034, CVE-2024-25710, CVE-2024-26308)
Summary: IBM QRadar SIEM is affected by stored cross-site scripting and denial of service. Apache Geronimo and Apache Commons Compress are affected by predictable hash collisions, infinite loop, and resource exhaustion. Vulnerability Details: CVEID: CVE-2025-33118 DESCRIPTION: IBM QRadar SIEM is...
apache-commons-fileupload: Apache Commons FileUpload DoS via part headers
A denial-of-service (DoS) vulnerability has been discovered in the Apache Commons FileUpload library. The flaw stems from insufficient limits placed on multipart headers during file uploads. A remote attacker could exploit this by sending a specially crafted request with an excessively large number...
Oracle Linux 7 : apache-commons-beanutils (ELSA-2025-10814)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-10814 advisory. - Add SuppressPropertiesBeanIntrospector.SUPPRESS_DECLARING_CLASS [Orabug: 38176946] [CVE-2025-48734] - Fix CVE-2014-0114 - Fix CVE-2019-10086 - Resolves: CVE-2013-15...
RockyLinux 8 : javapackages-tools:201801 (RLSA-2025:9318)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:9318 advisory. apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default (CVE-2019-10086); commons-beanutils: Apache Commons...
Security Bulletin: IBM Sterling Connect:Direct Web Services uses commons-lang3 and is vulnerable to CVE-2025-48924
Summary: IBM Sterling Connect:Direct Web Services is vulnerable to an uncontrolled recursion vulnerability in Apache Commons Lang. This has been addressed in a new build available from the IBM Repository. Vulnerability Details: CVEID: CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache...
javapackages-tools:201801 security update
An update is available for assertj-core, byaccj, maven-resolver, qdox, module.sonatype-plugins-parent, maven-shade-plugin, module.glassfish-jsp-api, module.exec-maven-plugin, plexus-sec-dispatcher, module.geronimo-annotation, module.atinject, module.xmlunit, glassfish-el, powermock,...
RLSA-2025:9318 Important: javapackages-tools:201801 security update
The javapackages-tools packages provide macros and scripts to support Java packaging. Security Fixes: apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default (CVE-2019-10086); commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppress ...
Security Bulletin: Uncontrolled Resource Consumption vulnerability in Apache Commons IO, which affects IBM watsonx.data
Summary: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are recommended ...
The vulnerability of the ClassUtils.getClass() function in the Apache Commons Lang library for the Java programming language allows an attacker to trigger a denial-of-service attack.
The vulnerability of the ClassUtils.getClass method in the Apache Commons Lang library for the Java programming language is related to an uncontrolled recursion. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
apache-commons-vfs security update
2.0-11.0.1 - Simplify UriParser [Orabug: 38161936] [CVE-2025-27553]...
Oracle Linux 7 : apache-commons-vfs (ELSA-2025-10548)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-10548 advisory. 2.0-11.0.1 - Simplify UriParser [Orabug: 38161936] [CVE-2025-27553] Tenable has extracted the preceding description block directly from the Oracle Linux security...
Oracle Identity Manager (July 2025 CPU)
The 12.2.1.4.0 versions of Identity Manager installed on the remote host are affected by a vulnerability as referenced in the July 2025 CPU advisory. - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: Core Apache Commons BeanUtils. The supported version...
Security Bulletin: IBM Integration Designer is vulnerable to denial of service (CVE-2025-48976, CVE-2025-48924)
Summary: Vulnerability in Apache Commons FileUpload and Commons Lang used by IBM Integration Designer. IBM Integration Designer has addressed CVE-2025-48976 and CVE-2025-48924. Vulnerability Details: CVEID: CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient...
Security Bulletin: IBM Cloud Pak System is vulnerable to an Improper Access Control due to use of Apache Commons BeanUtils [CVE-2025-48734]
Summary: Due to its use of Apache Commons BeanUtils, IBM Cloud Pak System is vulnerable to an Improper Access Control. IBM Cloud Pak System has addressed the vulnerability. Vulnerability Details: CVEID: CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospecto...