22 matches found

IBM Security Bulletins
added 2026/03/04 10:31 a.m. | 8 views

Security Bulletin: IBM Event Streams is vulnerable to improper access control

Summary IBM Event Streams is vulnerable to improper access control leading to potential classloader access in Apache Commons BeanUtils CVE-2025-48734 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class w...

CVSS 8.8 | AI score 6.2 | EPSS 0.00258
Exploits: 1 | Affected Software: 1

Atlassian
added 2026/01/30 7:27 p.m. | 15 views

RCE (Remote Code Execution) commons-beanutils Dependency in Crowd Data Center and Server

This High severity RCE Remote Code Execution vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H allows an authenticated attacker to...

CVSS 8.8 | AI score 6.3 | EPSS 0.00258
Exploits: 1

IBM Security Bulletins
added 2026/01/21 7:4 p.m. | 7 views

Security Bulletin: Vulnerabilities in Apache Commons affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Apache Commons has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION:...

CVSS 8.8 | AI score 6.9 | EPSS 0.00258
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/12/15 11:19 a.m. | 5 views

Security Bulletin: due to the use of Apache Commons BeanUtils, IBM Transformation Extender Advanced is vulnerable to Improper Access Control vulnerability

Summary Apache Commons BeanUtils is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers . CVE-2024-47554 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A...

CVSS 8.8 | AI score 7.2 | EPSS 0.00258
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/12/03 11:8 a.m. | 4 views

Security Bulletin: Multiple vulnerabilities in IBM Disconnected Log Collector

Summary Multiple vulnerabilities were addressed in IBM Disconnected Log Collector version 2.0.0. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...

CVSS 8.8 | AI score 9.2 | EPSS 0.00505
Exploits: 2 | Affected Software: 1

Tenable Nessus
added 2025/11/20 12:0 a.m. | 6 views

TencentOS Server 2: apache-commons-beanutils (TSSA-2025:0654)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0654 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 8.8 | AI score 7 | EPSS 0.00258
Exploits: 1 | References: 2

IBM Security Bulletins
added 2025/10/22 5:19 a.m. | 4 views

Security Bulletin: JAVA related vulnerabilities in IBM SP Enterprise Resource Planning (ERP) effected the ERP product dependency with BA client code.

Summary IBM Storage Protect Enterprise Resource Planning can be affected by security flaws mentioned in CVE-2025-48734. : using the "commons-beanutils-1.8.3.jar" can allow the attacker can get control on the declared class property of Java enum objects to get access to the classloader...

CVSS 8.8 | AI score 6.8 | EPSS 0.00258
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/10/09 2:41 p.m. | 4 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Improper Access Control vulnerability in Apache Commons

Summary Apache Commons BeanUtils: PropertyUtilsBean Does Not Suppresses An Enum's DeclaredClass Property By Default. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization - Publishing...

CVSS 8.8 | AI score 9.1 | EPSS 0.00258
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2025/10/09 12:0 a.m. | 2 views

AlmaLinux 10 : apache-commons-beanutils (ALSA-2025:9166)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:9166 advisory. commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default CVE-2025-48734 Tenable has extracte...

CVSS 8.8 | AI score 6.5 | EPSS 0.00258
Exploits: 1 | References: 3

Tenable Nessus
added 2025/10/04 12:0 a.m. | 3 views

RockyLinux 9 : apache-commons-beanutils (RLSA-2025:9114)

The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2025:9114 advisory. commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default CVE-2025-48734 Tenable has extracte...

CVSS 8.8 | AI score 6.5 | EPSS 0.00258
Exploits: 1 | References: 3

RedHat Linux
added 2025/09/15 3:4 p.m. | 4 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS 8.8 | AI score 7.6 | EPSS 0.00258
Exploits: 1 | References: 8

Tenable Nessus
added 2025/09/15 12:0 a.m. | 2 views

RHEL 9 : Red Hat Product OCP Tools 4.16 OpenShift Jenkins (RHSA-2025:15811)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15811 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron...

CVSS 8.8 | AI score 6.6 | EPSS 0.00258
Exploits: 1 | References: 4

Tenable Nessus
added 2025/09/15 12:0 a.m. | 3 views

RHEL 9 : Red Hat Product OCP Tools 4.19 OpenShift Jenkins (RHSA-2025:15812)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15812 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron...

CVSS 8.8 | AI score 6.6 | EPSS 0.00258
Exploits: 1 | References: 4

IBM Security Bulletins
added 2025/09/09 5:23 p.m. | 2 views

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Apache Commons.

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Apache Commons. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was add...

CVSS 8.8 | AI score 7.4 | EPSS 0.00258
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2025/07/01 12:0 a.m. | 3 views

Fedora 41 : apache-commons-beanutils (2025-3eb7c0066f)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3eb7c0066f advisory. Fix improper access control vulnerability Resolves: CVE-2025-48734 Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 8.8 | AI score 6.5 | EPSS 0.00258
Exploits: 1 | References: 2

RedHat Linux
added 2025/06/25 7:30 p.m. | 4 views

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

CVSS 8.8 | AI score 7.6 | EPSS 0.00258
Exploits: 1 | References: 8

Tenable Nessus
added 2025/06/25 12:0 a.m. | 3 views

Debian dla-4229 : libcommons-beanutils-java - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4229 advisory. Debian LTS Advisory DLA-4229-1 https://www.debian.org/lts/security/...

CVSS 8.8 | AI score 6.6 | EPSS 0.00258
Exploits: 1 | References: 4

OSV
added 2025/05/28 2:15 p.m. | 2 views

DEBIAN-CVE-2025-48734

Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...

CVSS 8.8 | AI score 6.8 | EPSS 0.00258
Exploits: 1 | References: 1

RedHat Linux
added 2019/10/10 7:20 a.m. | 1 views

1: Class Loader manipulation via request parameters

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

CVSS 7.5 | AI score 7.7 | EPSS 0.92332
Exploits: 4 | References: 4

RedHat Linux
added 2018/09/11 7:53 a.m. | 2 views

1: Class Loader manipulation via request parameters

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

CVSS 7.5 | AI score 7.1 | EPSS 0.92332
Exploits: 4 | References: 4