Commons-BeanUtils: Arbitary Code Execution

Background Commons-beanutils provides easy-to-use wrappers around Reflection and Introspection APIs Description Multiple vulnerabilities have been discovered in Commons-BeanUtils. Please review the CVE identifiers referenced below for details. Impact A special BeanIntrospector class was added in...

Security Bulletin: A vulnerability in Apache common-beanutils affects IBM Db2 Big SQL on Cloud Pak for Data

Summary A vulnerability in Apache common-beanutils 1.9.4 affects IBM Db2 Big SQL 8.2 on Cloud Pak for Data 5.2 and earlier. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2...

Security Bulletin: Vulnerabilities in Apache Commons affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Apache Commons has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION:...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2025.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.1-IF006 and 25.0.0-IF003. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in...

Security Bulletin: due to the use of Apache Commons BeanUtils, IBM Transformation Extender Advanced is vulnerable to Improper Access Control vulnerability

Summary Apache Commons BeanUtils is used by IBM Transformation Extender Advanced also known as IBM Standards Processing Engine as part of common utility helpers . CVE-2024-47554 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A...

Security Bulletin: Multiple vulnerabilities in IBM Disconnected Log Collector

Summary Multiple vulnerabilities were addressed in IBM Disconnected Log Collector version 2.0.0. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...

Security Bulletin: IBM Jazz Reporting Service is affected by improper access control due to Apache Commons

Summary Apache Commons is used internally by IBM Jazz Reporting Service CVE-2025-48734 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers...

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Improper Access Control (CVE-2025-48734)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the improper access control vulnerability Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2...

TencentOS Server 4: apache-commons-beanutils (TSSA-2025:0562)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0562 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 2: apache-commons-beanutils (TSSA-2025:0654)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0654 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

Mageia: Security Advisory (MGASA-2025-0299)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2025-0299 Updated apache-commons-beanutils packages fix security vulnerability

Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default. CVE-2025-48734...

Updated apache-commons-beanutils packages fix security vulnerability

Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default. CVE-2025-48734...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to improper access control [CVE-2025-48734]

Summary Apache Commons Beanutils is used by IBM App Connect Enterprise Certified Container when using MQ FTE. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands that run flows that use MQ FTE are vulnerable to improper access contro...

Security Bulletin: Multiple Vulnerabilities affect IBM Tivoli Netcool Impact

Summary Multiple vulnerabilities were addressed in IBM Tivoli Netcool Impact version 7.1.0.37 Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Apache Commons (CVE-2025-48734)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-48734 of Improper Access Control in Apache Commons. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version...

Security Bulletin: Improper Access Control vulnerability in Apache Commons BeanUtils library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2025-48734)

Summary Apache Commons BeanUtils library is used by Tivoli Netcool/OMNIbus WebGUI as part of Filter builder, View builder and Tool admin component. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was...

Security Bulletin: vulerability in IBM Spectrum Symphony with Apache Commons

Summary vulerability in IBM Spectrum Symphony with Apache Commons Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declare...

Security Bulletin: JAVA related vulnerabilities in IBM SP Enterprise Resource Planning (ERP) effected the ERP product dependency with BA client code.

Summary IBM Storage Protect Enterprise Resource Planning can be affected by security flaws mentioned in CVE-2025-48734. : using the "commons-beanutils-1.8.3.jar" can allow the attacker can get control on the declared class property of Java enum objects to get access to the classloader...

Oracle JDeveloper DoS (October 2025 CPU)

The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by a vulnerability as referenced in the October 2025 CPU advisory. - Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware component: ADF, ADF Faces Apache...