Lucene search
K

326 matches found

Tenable Nessus
Tenable Nessus
added 2017/04/28 12:0 a.m.133 views

H3C / HPE Intelligent Management Center RMI Java Object Deserialization RCE

The H3C or HPE Intelligent Management Center iMC web server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialization of Java objects to the Apache Commons BeanUtils library via the euplat RMI registry. An unauthenticated, remote attacker can...

9.8CVSS9.3AI score0.34882EPSS
Exploits4References5
Prion
Prion
added 2017/04/24 7:59 p.m.20 views

Code injection

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access Apache Commons BeanUtils. Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows low...

6.5CVSS8.3AI score0.02063EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/04/24 7:0 p.m.27 views

CVE-2017-3503

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access Apache Commons BeanUtils. Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows low...

8.5AI score0.02063EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2017/04/24 7:0 p.m.12 views

CVE-2017-3503

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access Apache Commons BeanUtils. Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows low...

7.1AI score0.02063EPSS
Exploits0References3
CVE
CVE
added 2017/04/24 7:0 p.m.57 views

CVE-2017-3503

CVE-2017-3503 is a vulnerability in the Oracle Primavera P6 Enterprise Project Portfolio Management (P6 EPPM) Web Access component (Apache Commons BeanUtils). Affected versions: 8.3, 8.4, 15.1, 15.2, 16.1, and 16.2. The description indicates an easily exploitable issue where a low-privileged atta...

9.9CVSS8.6AI score0.02063EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/04/21 12:0 a.m.8 views

Oracle Primavera Products Remote Vulnerability

Oracle Primavera Products Suite is a suite of project portfolio management solutions from Oracle Corporation.Primavera P6 Enterprise Project Portfolio Management P6 EPPM is one of the components used for project planning, management and execution. Primavera P6 Enterprise Project Portfolio...

9.9CVSS6.9AI score0.02063EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/17 12:0 a.m.2 views

XStream has a deserialization vulnerability

XStream is a Java object and XML conversion tool . A deserialization vulnerability exists in XStream V1.4.9 when used with commons-beanutils V1.9.3. The vulnerability allows attackers to execute arbitrary code or arbitrary commands...

7.9AI score
Exploits0
NVD
NVD
added 2016/09/29 2:59 p.m.21 views

CVE-2016-4385

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections ACC and Commons BeanUtils libraries...

7.5CVSS7.5AI score0.04362EPSS
Exploits0References4
Prion
Prion
added 2016/09/29 2:59 p.m.15 views

Design/Logic Flaw

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections ACC and Commons BeanUtils libraries...

7.5CVSS8.1AI score0.04362EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2016/09/29 2:0 p.m.31 views

CVE-2016-4385

The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections ACC and Commons BeanUtils libraries...

7.5AI score0.04362EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/07/21 12:0 a.m.46 views

GLSA-201607-09 : Commons-BeanUtils: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201607-09 Commons-BeanUtils: Arbitrary code execution Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader. Impact : Remote attackers could potentially execute arbitra...

7.5CVSS7.2AI score0.96121EPSS
Exploits4References2
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.7 views

The vulnerability of WebLogic Server’s software allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability exists in Apache Commons BeanUtils, within the commons-beanutils library, due to the possibility of accessing class properties. Exploiting this vulnerability allows malicious actors to “control” the ClassLoader and execute arbitrary code using the class parameter. For example,...

7.5CVSS8.2AI score0.96121EPSS
Exploits4References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/10/30 12:0 a.m.38 views

Oracle Enterprise Data Quality Multiple Vulnerabilities (October 2014 CPU)

The version of Oracle Enterprise Data Quality running on the remote host is affected by multiple vulnerabilities : - A flaw in Apache Commons BeanUtils allows a remote attacker to execute arbitrary code by manipulating the ClassLoader. CVE-2014-0114 - A flaw in Apache Tomcat allows a remote...

7.5CVSS7.2AI score0.96121EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2014/10/17 12:0 a.m.39 views

Oracle Identity Manager (October 2014 CPU

The remote host is missing the October 2014 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by multiple vulnerabilities : - The application is affected by a vulnerability in Apache Commons BeanUtils in which ClassLoader objects can be set via the class attribute of a...

7.5CVSS7.1AI score0.96121EPSS
Exploits4References4
securityvulns
securityvulns
added 2014/06/17 12:0 a.m.84 views

Apache commons-beanutils code exeuction

ActionForm class parameter unrestricted access...

7.5CVSS2.7AI score0.96121EPSS
Exploits4References1
securityvulns
securityvulns
added 2014/06/17 12:0 a.m.149 views

[oss-security] CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE

Hi All I have raised this twice with [email protected], on 30 April and June 3. I have received no response either time, therefore I am raising it on oss-security. CVE-2014-0114 describes a well-known issue in Apache Struts 1: "It was found that the Struts 1 ActionForm object allowed access to...

7.5CVSS7.8AI score0.96121EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2014/05/14 6:6 p.m.6 views

1: Class Loader manipulation via request parameters

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

7.5CVSS7.1AI score0.96121EPSS
Exploits4References4
OSV
OSV
added 2014/04/30 10:49 a.m.9 views

CVE-2014-0114

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

7.5CVSS7.8AI score0.96121EPSS
Exploits4References119
NVD
NVD
added 2014/04/30 10:49 a.m.26 views

CVE-2014-0114

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

7.5CVSS7.4AI score0.96121EPSS
Exploits4References119
OSV
OSV
added 2014/04/30 10:49 a.m.5 views

UBUNTU-CVE-2014-0114

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...

7.5CVSS7.2AI score0.96121EPSS
Exploits4References4
Rows per page
Query Builder