Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-10086
HistoryAug 20, 2019 - 12:00 a.m.

CVE-2019-10086

2019-08-2000:00:00
ubuntu.com
ubuntu.com
26

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.5%

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was
added which allows suppressing the ability for an attacker to access the
classloader via the class property available on all Java objects. We,
however were not using this by default characteristic of the
PropertyUtilsBean.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchcommons-beanutils< 1.9.2-3ubuntu0.1~esm1UNKNOWN
ubuntu14.04noarchcommons-beanutils< 1.9.1-1ubuntu0.1~esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-onlyUNKNOWN
ubuntu18.04noarchcommons-beanutils< 1.9.3-1ubuntu0.1~esm1UNKNOWN

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.5%

Related for UB:CVE-2019-10086