Lucene search
+L

161 matches found

ibm
ibm
added 2023/01/24 7:54 a.m.135 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to remote code execution due to Apache Commons Text [CVE-2022-42889]

Summary IBM Sterling Partner Engagement Manager has addressed a Publicly disclosed vulnerability that are published by Apache Commons - Collections v3.2.1 CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary...

9.8CVSS9.9AI score0.99931EPSS
Exploits42Affected Software1
nessus
nessus
added 2023/01/20 12:0 a.m.56 views

Oracle Primavera Gateway (Jan 2023 CPU)

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2023 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Google Protobuf-Java. Supported versions...

9.8CVSS7.3AI score0.99931EPSS
Exploits45References7
ibm
ibm
added 2023/01/19 11:52 a.m.72 views

Security Bulletin: IBM Spectrum Conductor is vulnerable to arbitrary code execution [CVE-2022-42889]

Summary Apache Commons Text is used by IBM Spectrum Conductor in Spark 3.0.1. This bulletin provides interim fixes which include Apache Commons Text 1.10.0 to fix arbitrary code execution in IBM Spectrum Conductor. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache...

9.8CVSS9.8AI score0.99931EPSS
Exploits42Affected Software1
redhat
redhat
added 2023/01/18 2:55 p.m.8 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

9.8CVSS7.4AI score0.99931EPSS
Exploits42References7
vulncheck_kev
vulncheck_kev
added 2023/01/12 12:0 a.m.4 views

VulnCheck KEV: CVE-2022-42889

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the...

9.8CVSS6.9AI score0.99931EPSS
Exploits42References1
gentoo
gentoo
added 2023/01/11 12:0 a.m.59 views

Apache Commons Text: Arbitrary Code Execution

Background Apache Commons Text is a library focused on algorithms working on strings. Description Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "$prefix:name", where "prefix" is used to...

9.8CVSS3.5AI score0.99931EPSS
Exploits42
nessus
nessus
added 2023/01/11 12:0 a.m.45 views

GLSA-202301-05 : Apache Commons Text: Arbitrary Code Execution

The remote host is affected by the vulnerability described in GLSA-202301-05 Apache Commons Text: Arbitrary Code Execution - Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is $prefix:name,...

9.8CVSS8.5AI score0.99931EPSS
Exploits42References3
ibm
ibm
added 2023/01/04 11:29 p.m.38 views

Security Bulletin: IBM Content Navigator is affected by Apache Commons Text due to IBM Content Manager onDemand connector [CVE-2022-42889]

Summary Apache Commons Text is used by IBM Content Navigator on container as part of the IBM Content Manager onDemand connector. CVE-2022-42889 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execut...

9.8CVSS9.8AI score0.99931EPSS
Exploits42Affected Software1
ibm
ibm
added 2022/12/29 6:26 a.m.95 views

Security Bulletin: IBM Synthetic Playback Agent is vulnerable due to its use of Apache Commons Text [CVE-2022-42889]

Summary Synthetic Playback Agent version 8.1.4 IF17 has addressed the following vulnerability: CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation...

9.8CVSS9.8AI score0.99931EPSS
Exploits42Affected Software1
ibm
ibm
added 2022/12/15 3:9 a.m.42 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sendi...

10CVSS10AI score0.99931EPSS
Exploits47Affected Software1
redhat
redhat
added 2022/12/14 1:15 p.m.15 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

9.8CVSS7.4AI score0.99931EPSS
Exploits42References7
redhat
redhat
added 2022/12/08 1:25 p.m.97 views

Moderate: Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.18.3 release and security update

A minor version update from 3.14.5 to 3.18.3 is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...

9.8CVSS7AI score0.99931EPSS
Exploits42References5
redhat
redhat
added 2022/12/08 1:25 p.m.5 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

9.8CVSS7.4AI score0.99931EPSS
Exploits42References7
ibm
ibm
added 2022/12/08 4:10 a.m.66 views

Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9

Summary IBM Data Risk Manager IDRM 2.0.6.14, which is the only supported version, is impacted by multiple vulnerabilities including Apache Commons Text 1.9 CVE-2022-42889. The vulnerabilities have been addressed in the updated version of IDRM 2.0.6.15 which includes Apache Commons Text 1.10. Plea...

9.8CVSS10AI score0.99931EPSS
Exploits70Affected Software1
githubexploit
githubexploit
added 2022/12/07 5:58 p.m.354 views

Exploit for Code Injection in Apache Commons_Text

Text4shell-exploit This is a Proof of Concept exploiting the v...

9.8CVSS8.7AI score0.99931EPSS
Exploits42
redhat
redhat
added 2022/12/07 8:19 a.m.7 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

9.8CVSS7.4AI score0.99931EPSS
Exploits42References7
ibm
ibm
added 2022/11/30 2:32 p.m.52 views

Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Text [CVE-2022-42889]

Summary Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. IBM Sterling Control Center uses Apache Commons Text and the issue has been addressed. CVE-2022-42889 Vulnerability Details CVEID:CVE-2022-428...

9.8CVSS9.8AI score0.99931EPSS
Exploits42Affected Software1
ibm
ibm
added 2022/11/30 10:26 a.m.42 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Text [CVE-2022-42889]

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Text. CVE-2022-42889 This has been addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system,...

9.8CVSS9.8AI score0.99931EPSS
Exploits42Affected Software1
ibm
ibm
added 2022/11/28 4:28 p.m.45 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to remote code execution due to Apache Commons Text [CVE-2022-42889]

Summary IBM Sterling Connect:Direct for UNIX components Install Agent and File Agent are vulnerable to remote code execution due to Apache Commons Text CVE-2022-42889. Apache Commons Text has been upgraded to version 1.10.0 in IBM Sterling Connect:Direct for UNIX Install Agent and File Agent...

9.8CVSS10AI score0.99931EPSS
Exploits42Affected Software1
redhat
redhat
added 2022/11/28 2:39 p.m.6 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

9.8CVSS7.4AI score0.99931EPSS
Exploits42References7
Rows per page
Query Builder