326 matches found
H3C / HPE Intelligent Management Center RMI Java Object Deserialization RCE
The H3C or HPE Intelligent Management Center iMC web server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialization of Java objects to the Apache Commons BeanUtils library via the euplat RMI registry. An unauthenticated, remote attacker can...
Code injection
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access Apache Commons BeanUtils. Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows low...
CVE-2017-3503
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access Apache Commons BeanUtils. Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows low...
CVE-2017-3503
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access Apache Commons BeanUtils. Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows low...
CVE-2017-3503
CVE-2017-3503 is a vulnerability in the Oracle Primavera P6 Enterprise Project Portfolio Management (P6 EPPM) Web Access component (Apache Commons BeanUtils). Affected versions: 8.3, 8.4, 15.1, 15.2, 16.1, and 16.2. The description indicates an easily exploitable issue where a low-privileged atta...
Oracle Primavera Products Remote Vulnerability
Oracle Primavera Products Suite is a suite of project portfolio management solutions from Oracle Corporation.Primavera P6 Enterprise Project Portfolio Management P6 EPPM is one of the components used for project planning, management and execution. Primavera P6 Enterprise Project Portfolio...
XStream has a deserialization vulnerability
XStream is a Java object and XML conversion tool . A deserialization vulnerability exists in XStream V1.4.9 when used with commons-beanutils V1.9.3. The vulnerability allows attackers to execute arbitrary code or arbitrary commands...
CVE-2016-4385
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections ACC and Commons BeanUtils libraries...
Design/Logic Flaw
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections ACC and Commons BeanUtils libraries...
CVE-2016-4385
The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections ACC and Commons BeanUtils libraries...
GLSA-201607-09 : Commons-BeanUtils: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201607-09 Commons-BeanUtils: Arbitrary code execution Apache Commons BeanUtils does not suppress the class property, which allows for the manipulation of the ClassLoader. Impact : Remote attackers could potentially execute arbitra...
The vulnerability of WebLogic Server’s software allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability exists in Apache Commons BeanUtils, within the commons-beanutils library, due to the possibility of accessing class properties. Exploiting this vulnerability allows malicious actors to “control” the ClassLoader and execute arbitrary code using the class parameter. For example,...
Oracle Enterprise Data Quality Multiple Vulnerabilities (October 2014 CPU)
The version of Oracle Enterprise Data Quality running on the remote host is affected by multiple vulnerabilities : - A flaw in Apache Commons BeanUtils allows a remote attacker to execute arbitrary code by manipulating the ClassLoader. CVE-2014-0114 - A flaw in Apache Tomcat allows a remote...
Oracle Identity Manager (October 2014 CPU
The remote host is missing the October 2014 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by multiple vulnerabilities : - The application is affected by a vulnerability in Apache Commons BeanUtils in which ClassLoader objects can be set via the class attribute of a...
Apache commons-beanutils code exeuction
ActionForm class parameter unrestricted access...
[oss-security] CVE request for commons-beanutils: 'class' property is exposed, potentially leading to RCE
Hi All I have raised this twice with [email protected], on 30 April and June 3. I have received no response either time, therefore I am raising it on oss-security. CVE-2014-0114 describes a well-known issue in Apache Struts 1: "It was found that the Struts 1 ActionForm object allowed access to...
1: Class Loader manipulation via request parameters
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
UBUNTU-CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...