Lucene search
K

16 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-1000487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings. CVE-2017-1000487 Note...

9.8CVSS7AI score0.06543EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.24 views

RHEL 7 : opendaylight (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - plexus-utils: Mishandled strings in Commandline class allow for command injection CVE-2017-1000487 Note that Nessus...

9.8CVSS9.9AI score0.06543EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/03 2:32 p.m.37 views

Security Bulletin: Publicly disclosed vulnerabilities in Plexus-utils affect IBM Netezza Analytics

Summary Plexus-utils is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2017-1000487 DESCRIPTION: Plexus-utils could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of...

9.8CVSS1.9AI score0.06543EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/13 1:11 a.m.6 views

ai.libs.thirdparty:interruptible-meka (>=0.1.0 <=0.1.2), ai.rev.speechtotext:revai-java-sdk-speechtotext (>=1.0.0 <=1.4.0) +9775 more potentially affected by CVE-2017-1000487 via org.codehaus.plexus:plexus-utils (>=1.0.4 <=3.0.15)

org.codehaus.plexus:plexus-utils MAVEN version =1.0.4, =0.1.0, =1.0.0, =2.1.0, =1.0.0, =1.0.0, =1.0.0, =2.1.9, =2.1.9, =2.4.13 - au.com.turingg:turingg-files =0.0.1 and more Source cves: CVE-2017-1000487 Source advisory: OSV:GHSA-8VHQ-QQ4P-GRQ3...

9.8CVSS7.2AI score0.06543EPSS
Exploits0
Atlassian
Atlassian
added 2021/01/25 4:6 a.m.352 views

Code Injection and Directory Traversal in plexus-utils

This vulnerability allows unauthenticated remote attackers to inject code and XML as well as perform directory traversal via CVE-2017-1000487 - command injection sonatype-2016-0398 - directory traversal sonatype-2015-0173 - XML Injection The affected versions are before version 7.2.2, and before...

9.8CVSS3.7AI score0.06543EPSS
Exploits8Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/12/16 12:0 a.m.88 views

JFrog < 7.11.1 Multiple Vulnerabilities

According to its self-reported version number, the version of JFrog Artifactory installed on the remote host is prior to 7.11.1. It is, therefore, affected by multiple vulnerabilities: - A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This...

9.8CVSS7.6AI score0.17611EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/01 12:33 p.m.37 views

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Plexus-utils (CVE-2017-1000487)

Summary Plexus-utils could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input. By sending contents with double quoted strings, an attacker could exploit this vulnerability to execute arbitrary commands on the system...

9.8CVSS3.3AI score0.06543EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/03/23 12:0 a.m.24 views

Debian DSA-4149-1 : plexus-utils2 - security update

Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands. C Tenable Network Security, Inc. The descriptive text and package checks in this...

9.8CVSS7.7AI score0.06543EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/03/21 12:0 a.m.31 views

Debian DSA-4146-1 : plexus-utils - security update

Charles Duffy discovered that the Commandline class in the utilities for the Plexus framework performs insufficient quoting of double-encoded strings, which could result in the execution of arbitrary shell commands. C Tenable Network Security, Inc. The descriptive text and package checks in this...

9.8CVSS7.7AI score0.06543EPSS
Exploits0References5
Debian
Debian
added 2018/03/20 8:23 p.m.30 views

[SECURITY] [DSA 4146-1] plexus-utils security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4146-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2018 https://www.debian.org/security/faq -...

9.8CVSS9.6AI score0.06543EPSS
Exploits0
Debian
Debian
added 2018/01/09 10:5 p.m.36 views

[SECURITY] [DLA 1237-1] plexus-utils2 security update

Package : plexus-utils2 Version : 2.0.5-1+deb7u1 CVE ID : CVE-2017-1000487 Charles Duffy discovered that the Commandline class in plexus-utils2, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject...

9.8CVSS9.8AI score0.06543EPSS
Exploits0
NVD
NVD
added 2018/01/03 8:29 p.m.20 views

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

9.8CVSS9.7AI score0.06543EPSS
Exploits0References11
OSV
OSV
added 2018/01/03 8:29 p.m.26 views

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

9.8CVSS9.9AI score
Exploits0References11
UbuntuCve
UbuntuCve
added 2018/01/03 8:29 p.m.38 views

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

9.8CVSS6.9AI score0.06543EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/01/03 8:0 p.m.33 views

CVE-2017-1000487

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings...

9.8CVSS8.3AI score0.06543EPSS
Exploits0
CVE
CVE
added 2018/01/03 8:0 p.m.212 views

CVE-2017-1000487

Plexus-utils (component: Plexus-utils library) is vulnerable prior to version 3.0.16 due to improper handling of contents inside double-quoted strings, enabling potential command injection. Affected product references indicate compatibility and remediation paths, with fixes available in 3.0.16 or...

9.8CVSS9.4AI score0.06543EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder