Security Bulletin: Apache commons-dbcp vulnerability affects watsonx.data

Summary Apache commons-dbcp could allow a remote authenticated attacker from within the local network to obtain sensitive information, caused by an error if a BasicDataSource is created with jmxName set. By using JMXBean, an attacker could exploit this vulnerability to expose/export the password...

ALSA-2025:9114 Important: apache-commons-beanutils security update

The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans. Security Fixes: commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default CVE-2025-48734 For more detai...

TencentOS Server 2: bcel (TSSA-2022:0287)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0287 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

RHEL 9 : apache-commons-beanutils (RHSA-2025:9114)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:9114 advisory. The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans. Security Fixes:...

Important: apache-commons-beanutils security update

The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans. Security Fixes: commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default CVE-2025-48734 For more detai...

Amazon Linux 2023 : apache-commons-beanutils, apache-commons-beanutils-javadoc (ALAS2023-2025-999)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-999 advisory. Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java en...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

Important: apache-commons-beanutils

Issue Overview: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not...

Important: apache-commons-beanutils

Issue Overview: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not...

openSUSE Security Advisory (SUSE-SU-2025:01815-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2025:01815-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: Red Hat Security Advisory: Red Hat build of Cryostat 4.0.1: new RHEL 9 container image security update

New Red Hat build of Cryostat 4.0.1 on RHEL 9 container images are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

SUSE SLES15 / openSUSE 15 Security Update : apache-commons-beanutils (SUSE-SU-2025:01815-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01815-1 advisory. Update to 1.11.0 - CVE-2025-48734: Fixed possible arbitrary code execution vulnerability bsc1243793 Full changelog:...

SUSE-SU-2025:01815-1 Security update for apache-commons-beanutils

This update for apache-commons-beanutils fixes the following issues: Update to 1.11.0 - CVE-2025-48734: Fixed possible arbitrary code execution vulnerability bsc1243793 Full changelog: https://commons.apache.org/proper/commons-beanutils/changes.htmla1.11.0...

Security Bulletin: IBM Engineering Systems Design Rhapsody affected by CVE-2024-47554

Summary commons-io-2.11.0.jar was vulnerable and IBM Engineering Systems Design Rhapsodyhas upgraded JAR to 2.14.0. Vulnerability Details CVEID:CVE-2024-47554 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class m...

The vulnerability of the FtpFileObject class, a common API for accessing various file systems through Apache Commons VFS, allows attackers to gain unauthorized access to protected information.

The vulnerability of the FtpFileObject class, a common API for accessing various file systems via Apache Commons VFS, is related to insufficient protection of service data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

Medium: apache-commons-io

Issue Overview: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are...

Medium: apache-commons-io

Issue Overview: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 before 2.14.0. Users are...

Amazon Linux 2023 : apache-commons-io, apache-commons-io-javadoc (ALAS2023-2025-986)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-986 advisory. Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted inpu...

Improper Access Control

Apache Commons BeanUtils is vulnerable to Improper Access Control. The vulnerability is due to insecure property access due to failure to restrict access to the declaredClass property of Java enums, allowing attackers to access the classloader and potentially execute arbitrary code...