ROOT-APP-MAVEN-CVE-2019-10086 CVE-2019-10086 in io.root.commons-beanutils:commons-beanutils - Patched by Root

Root has patched CVE-2019-10086 in the io.root.commons-beanutils:commons-beanutils package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2025-48734 CVE-2025-48734 in io.root.commons-beanutils:commons-beanutils - Patched by Root

Root has patched CVE-2025-48734 in the io.root.commons-beanutils:commons-beanutils package for Root:Maven. Multiple fixed versions available...

Oracle E-Business Suite (April 2026 CPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite component: Setup and Administration. Supported...

Security Bulletin: Vulnarability in commons-beanutils library (CVE-2019-10086) affects Power HMC.

Summary The commons-beanutils library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2019-10086 DESCRIPTION: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability...

Security Bulletin: IBM SPSS Modeler is affected by Improper Access Control vulnerability in Apache Commons

Summary IBM SPSS Modeler is affected by Improper Access Control vulnerability in Apache Commons. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class wa...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache Commons BeanUtils vulnerability (USN-8322-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8322-1 advisory. It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass proper...

USN-8322-1: Apache Commons BeanUtils vulnerability

It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass property of Java enum objects when handling externally supplied property paths. An attacker could possibly use this issue to execute arbitrary code...

USN-8322-1 commons-beanutils vulnerability

It was discovered that Apache Commons BeanUtils incorrectly allowed access to the declaredClass property of Java enum objects when handling externally supplied property paths. An attacker could possibly use this issue to execute arbitrary code...

SUSE CVE-2025-48734

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

Improper Authorization commons-beanutils:commons-beanutils Dependency in Jira Service Management Data Center

This High severity Improper Authorization vulnerability was introduced in versions 5.12.1, 5.15.2, 5.16.0, 5.17.0, 10.0.0, 10.1.1, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, and 10.7.1 of Jira Service Management Data Center. This Improper Authorization vulnerability, with a CVSS Score of 8.8 and a...

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the...

Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow (traditional and containers) March 2026

Summary In addition to updating many operating system level packages on container images, IBM Business Automation Workflow fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...

Exploit for Missing Authorization in Scshr Hr_Portal

CVE-2025-48734: Apache Commons BeanUtils – enum declaredClass...

Security Bulletin: IBM Datapower Operations Dashboard may allow remote attackers to access the ClassLoader and execute arbitrary code CVE-2025-48734

Summary Apache Commons is used by the IBM Datapower Operations Dashboard in their Java components utility implementation Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. Th...

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-48976 DESCRIPTION: Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons...

MiracleLinux 9 : apache-commons-beanutils-1.9.4-10.el9_6 (AXSA:2026-249:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2026-249:01 advisory. commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default CVE-2025-48734 Tenable has...

Security Bulletin: IBM Event Streams is vulnerable to improper access control

Summary IBM Event Streams is vulnerable to improper access control leading to potential classloader access in Apache Commons BeanUtils CVE-2025-48734 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class w...

Oracle E-Business Suite (January 2026 CPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle Field Service product of Oracle E-Business Suite component: HTML Dispatch Center Apache Commons BeanUtils...

RCE (Remote Code Execution) commons-beanutils Dependency in Crowd Data Center and Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H allows an authenticated attacker to...

Commons-BeanUtils: Arbitary Code Execution

Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Impact A special BeanIntrospector class was added in...