161 matches found
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to remote code execution due to Apache Commons Text [CVE-2022-42889]
Summary IBM Sterling Partner Engagement Manager has addressed a Publicly disclosed vulnerability that are published by Apache Commons - Collections v3.2.1 CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary...
Oracle Primavera Gateway (Jan 2023 CPU)
The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Google Protobuf-Java. Supported versions...
Security Bulletin: IBM Spectrum Conductor is vulnerable to arbitrary code execution [CVE-2022-42889]
Summary Apache Commons Text is used by IBM Spectrum Conductor in Spark 3.0.1. This bulletin provides interim fixes which include Apache Commons Text 1.10.0 to fix arbitrary code execution in IBM Spectrum Conductor. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
VulnCheck KEV: CVE-2022-42889
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the...
Apache Commons Text: Arbitrary Code Execution
Background Apache Commons Text is a library focused on algorithms working on strings. Description Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to...
GLSA-202301-05 : Apache Commons Text: Arbitrary Code Execution
The remote host is affected by the vulnerability described in GLSA-202301-05 Apache Commons Text: Arbitrary Code Execution - Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is $prefix:name,...
Security Bulletin: IBM Content Navigator is affected by Apache Commons Text due to IBM Content Manager onDemand connector [CVE-2022-42889]
Summary Apache Commons Text is used by IBM Content Navigator on container as part of the IBM Content Manager onDemand connector. CVE-2022-42889 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execut...
Security Bulletin: IBM Synthetic Playback Agent is vulnerable due to its use of Apache Commons Text [CVE-2022-42889]
Summary Synthetic Playback Agent version 8.1.4 IF17 has addressed the following vulnerability: CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sendi...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
Moderate: Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.18.3 release and security update
A minor version update from 3.14.5 to 3.18.3 is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9
Summary IBM Data Risk Manager IDRM 2.0.6.14, which is the only supported version, is impacted by multiple vulnerabilities including Apache Commons Text 1.9 CVE-2022-42889. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.15 which includes Apache Commons Text 1.10. Plea...
Exploit for Code Injection in Apache Commons_Text
Text4shell-exploit This is a Proof of Concept exploiting the v...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...
Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Text [CVE-2022-42889]
Summary Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. IBM Sterling Control Center uses Apache Commons Text and the issue has been addressed. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-428...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Text [CVE-2022-42889]
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Text. CVE-2022-42889 This has been addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system,...
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to remote code execution due to Apache Commons Text [CVE-2022-42889]
Summary IBM Sterling Connect:Direct for UNIX components Install Agent and File Agent are vulnerable to remote code execution due to Apache Commons Text CVE-2022-42889. Apache Commons Text has been upgraded to version 1.10.0 in IBM Sterling Connect:Direct for UNIX Install Agent and File Agent...
apache-commons-text: variable interpolation RCE
A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...