Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2014-0114...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for June 2024.

Summary In addition to OS level package updates, multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF034 and 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated...

RHSA-2019:4317 Red Hat Security Advisory: rh-maven35-apache-commons-beanutils security update

Bulletin has no description...

RHSA-2020:0194 Red Hat Security Advisory: apache-commons-beanutils security update

Bulletin has no description...

RHSA-2020:0057 Red Hat Security Advisory: rh-java-common-apache-commons-beanutils security update

Bulletin has no description...

apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader...

OPENSUSE-SU-2024:10617-1 apache-commons-beanutils-1.9.4-3.7 on GA media

These are all security issues fixed in the apache-commons-beanutils-1.9.4-3.7 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:10026-1 apache-commons-beanutils-1.9.2-4.5 on GA media

These are all security issues fixed in the apache-commons-beanutils-1.9.2-4.5 package on the GA media of openSUSE Tumbleweed...

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Beanutils

Summary Multiple vulnerabilities have been identified in Apache Commons Beanutils, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2019-10086 DESCRIPTION: Apache...

RHEL 5 : apache-commons-beanutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default CVE-2019-10086 Not...

RHEL 6 : apache-commons-beanutils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default CVE-2019-10086 Not...

Commons-BeanUtils: Improper Access Restriction

Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description A vulnerability has been discovered in Commons-BeanUtils. Please review the CVE identifier referenced below for details. Impact Please review the referenced CVE identifiers for details...

GLSA-202405-21 : Commons-BeanUtils: Improper Access Restriction

The remote host is affected by the vulnerability described in GLSA-202405-21 Commons-BeanUtils: Improper Access Restriction - In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class...

RHEL 7 : rh-maven35-apache-commons-beanutils (RHSA-2019:4317)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:4317 advisory. The rh-maven35-apache-commons-beanutils package provides Java utility methods for accessing and modifying properties of arbitrary JavaBeans. Security...

Security Bulletin: B2B API of IBM Sterling B2B Integrator vulnerable to remote code execution due to Apache Commons BeanUtils (CVE-2014-0114)

Summary IBM Sterling B2B Integrator uses Apache Commons BeanUtils. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2014-0114 DESCRIPTION: Apache Commons BeanUtils, as distributed in lib/commons-beanutils in Apache Struts could allow a...

Fedora: Security Advisory for apache-commons-beanutils (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: apache-commons-beanutils-1.9.4-19.fc40

The scope of this package is to create a package of Java utility methods for accessing and modifying the properties of arbitrary JavaBeans. No dependencies outside of the JDK are required, so the use of this package is very lightweight...

Oracle Business Intelligence Enterprise Edition (October 2023 CPU)

The version of Oracle Business Intelligence Enterprise Edition 12.2.1.4 installed on the remote host is affected by multiple vulnerabilities as referenced in the October 2023 CPU advisory, including the following: - Vulnerability in the Oracle Business Intelligence Enterprise Edition product of...