8 matches found
SUSE CVE-2025-48734
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...
Atlassian Confluence 2.0 < 8.5.24 / 8.6.x < 9.2.6 / 9.3.x < 9.5.2 / 10.0.x < 10.0.3 RCE (CONFSERVER-100795)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-100795 advisory. - Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop...
Important: apache-commons-beanutils
Issue Overview: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not...
Important: apache-commons-beanutils
Issue Overview: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not...
Apache Commons Improper Access Control vulnerability
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...
DEBIAN-CVE-2025-48734
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...
CVE-2025-48734
The CVE-2025-48734 entry describes an Improper Access Control in Apache Commons BeanUtils. A BeanIntrospector was added (default-off in older behavior) to suppress the enum-declaredClass property access that could reveal a ClassLoader when external property paths are passed to PropertyUtilsBean.g...
CVE-2025-48734 Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default...