CVE-2019-10086 (GCVE-0-2019-10086)
Vulnerability from cvelistv5 – Published: 2019-08-20 20:10 – Updated: 2024-08-04 22:10
Information Disclosure
| Vendor | Product | Version |
|---|---|---|
| Apache | Apache Commons Beanutils | Affected: Apache Commons Beanutils 1.0 to 1.9.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.585Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e"
},
{
"name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "FEDORA-2019-bcad44b5d6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"name": "FEDORA-2019-79b5790566",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"name": "RHSA-2019:4317",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"name": "RHSA-2020:0057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"name": "RHSA-2020:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Commons Beanutils",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "Apache Commons Beanutils 1.0 to 1.9.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T17:59:36.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e"
},
{
"name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2058",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E"
},
{
"name": "FEDORA-2019-bcad44b5d6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"name": "FEDORA-2019-79b5790566",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"name": "RHSA-2019:4317",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"name": "RHSA-2020:0057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"name": "RHSA-2020:0194",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-10086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Commons Beanutils",
"version": {
"version_data": [
{
"version_value": "Apache Commons Beanutils 1.0 to 1.9.3"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e"
},
{
"name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E"
},
{
"name": "FEDORA-2019-bcad44b5d6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"name": "FEDORA-2019-79b5790566",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"name": "RHSA-2019:4317",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"name": "RHSA-2020:0057",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"name": "RHSA-2020:0194",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"name": "RHSA-2020:0806",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-10086",
"datePublished": "2019-08-20T20:10:15.000Z",
"dateReserved": "2019-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:10:09.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-10086",
"date": "2026-05-29",
"epss": "0.01239",
"percentile": "0.79547"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-10086\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2019-08-20T21:15:12.057\",\"lastModified\":\"2024-11-21T04:18:22.250\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.\"},{\"lang\":\"es\",\"value\":\"En Apache Commons Beanutils 1.9.2, se agreg\u00f3 una clase especial BeanIntrospector que permite suprimir la capacidad de un atacante para acceder al cargador de clases a trav\u00e9s de la propiedad de clase disponible en todos los objetos Java. Sin embargo, no se esta usando esta caracter\u00edstica por defecto de PropertyUtilsBean.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"user
InteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndIncluding\":\"1.9.3\",\"matchCriteriaId\":\"B0491CF4-E0CF-45FC-962E-92E32E2C3C80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:nifi:1.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28B78CAF-8752-4963-9E5E-B22AE2034A5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:nifi:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8C187CC-B24E-4DD1-A184-5ADC8A920D08\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1E78106-58E6-4D59-990F-75DA575BFAD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*\
",\"matchCriteriaId\":\"83737173-E12E-4641-BC49-0BD84A6B29D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7431ABC1-9252-419E-8CC1-311B41360078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17F256A9-D3B9-4C72-B013-4EFD878BFEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0952BA1A-5DF9-400F-B01F-C3A398A8A2D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0FEFCDD-A212-4525-B449-2C4A00A0D2E9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14ABF04-E460-4911-9C6C-B7BCEFE68E9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED43772F-D280-42F6-A292-7198284D6FE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650FEDB-E903-4C2D-A
D40-282AB5F2E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:e-business_suite:*:*\",\"matchCriteriaId\":\"86527C36-B25B-429D-9506-8899918D8C76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:sap:*:*\",\"matchCriteriaId\":\"E4C94F08-3C74-477E-9715-CABE3A3E3A98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*\",\"matchCriteriaId\":\"5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:sap:*:*\",\"matchCriteriaId\":\"AEB46F47-012E-4C1B-AF76-458197482585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A125E817-F974-4509-872C-B71933F42AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2BEE49E-A5AA-42D3-B422-460454505480\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645AA3D1-C8B5-4CD2-8ACE-31541FA267F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB9FC9AB-1070-420F-870E-A5EC43A924A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.1.2\",\"matchCriteriaId\":\"D0DBC938-A782-433F-8BF1-CA250C332AA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E39D442D-1997-49AF-8B02-5640BE2A26CC\"},{\"vulnerable
\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55E0B453-E528-43AF-8244-7C4B201921D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3732921-FEA4-4B50-A1C9-13BC13F64C2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBFFAD49-21CB-4554-870F-31D0AB0E7366\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC9A5185-F623-48C2-8364-A3303D1566DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A298F7E8-0E0B-49EA-B952-C7BB2275EA67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93BE4838-1144-4A6A-ABDB-F2766E64C91C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B54457C-8305-4F82-BE1E-DBA030A8E676\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C756C62B-E655-4770-8E85-B1995889E416\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"987811D5-DA5E-493D-8709-F9231A84E5F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0912F464-5F38-4BBB-9E68-65CE34306E7C\"},{\"vulnerable\":
true,\"criteria\":\"cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64BCB9E3-883D-4C1F-9785-2E182BA47B5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B21E6EEF-2AB7-4E96-B092-1F49D11B4175\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00E9A2B1-7562-4E6B-AE25-1B647F24EFDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7B49D71-6A31-497A-B6A9-06E84F086E7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"727DF4F5-3D21-491E-96B9-EC973A6C9C18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32595B1B-ADAE-4930-AF88-910121EE8310\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CCE1968-016C-43C1-9EE1-FD9F978B688F\"},{\"vulnerable\":true,\"criter
ia\":\"cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B5DBF4C-84BB-4537-BD8D-E10C5A4B69F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6762F207-93C7-4363-B2F9-7A7C6F8AF993\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B74B912-152D-4F38-9FC1-741D6D0B27FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"517ADEF7-97A4-4A3F-874D-5D1B25FA24D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2177A5E9-B260-499E-8D60-920679518425\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6329B1A2-75A8-4909-B4FB-77AC7232B6ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B43A9C25-CBB7-42C8-99AF-0ED8208F315E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9059A907-508B-4844-8D7B-0FA68C0DF6A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:7.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C5D8850-6CA4-44D9-8763-6E94ED3A7EEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_foundation:8.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67976376-4DD9-4DFD-9C13-59F0279CA2D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1817C30-7B0B-441A-9567-B8DD7C6E646C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*
:*:*:*:*:*\",\"matchCriteriaId\":\"95D6A426-B914-401F-9AB0-5F5E3A3FE138\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCBF2756-B831-4E6E-A15B-2A11DD48DB7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_data_gateway:1.0.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72B87E98-5FB9-42AA-B056-77EFD2A6CC06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.5.3\",\"matchCriteriaId\":\"A0A366B8-1B5C-4C9E-A761-1AB1547D7404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1975B24B-BCFE-4418-A496-B5B9F0CF5D28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.5.3\",\"matchCriteriaId\":\"4BCA7DD9-8599-4E43-9D82-999BE15483B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CE8CCE2-4151-4724-B3B5-01E5223D3B57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEB3BE9F-44AC-4EE0-9E66-2B72CF4AF0F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99BA317E-3C52-4BAF-B61C-803B7208C155\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"929638B0-AAD1-432
6-9549-2FA8D03AA7ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.2.0\",\"versionEndIncluding\":\"16.2.11\",\"matchCriteriaId\":\"06CF27F6-ADC1-480C-9D2E-2BD1E7330C32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.6\",\"matchCriteriaId\":\"BA6FCD1C-9093-4630-8016-B70F25C34358\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:real-time_decisions_solutions:3.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"456A6845-ACE0-4553-8350-A5E624B99EC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56239DBD-E294-44A4-9DD3-CEEC58C1BC0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0735989-13BD-40B3-B954-AC0529C5B53D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58405263-E84C-4071-BB23-165D49034A00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48E25E7C-F7E8-4739-8251-00ACD11C12FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_merchandising_system:5.0.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"910D3825-F28D-4C6C-B7D6-D8A92BCAB65B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E13DF2AE-F315-4085-9172-6C8B21AF1C9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21973CDD-D16E-4321-9F8E-67F4264D7C21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"891E192D-BA12-4D89-8D18-C93D2F26A369\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:
retail_price_management:14.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B7A1B92-41CE-4DD8-B0BB-992296DDBB2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFC5F424-119D-4C66-8251-E735EEFBC0BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDB925C6-2CBC-4D88-B9EA-F246F4F7A206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11DA6839-849D-4CEF-85F3-38FE75E07183\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCE78490-A4BE-40BD-8C72-0A4526BBD4A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55AE3629-4A66-49E4-A33D-6D81CC94962F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EA2023A-1AD6-41FE-A214-9D1F6021D6B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5599457B-66C6-4549-8B1F-669EB3D3D2B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:solaris_cluster:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B
450108-E2A5-4F01-AF06-47AD1A5BDFE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.2.6\",\"versionEndIncluding\":\"12.2.11\",\"matchCriteriaId\":\"19A74710-0E0F-4123-A64C-0684824D13CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0.1.0\",\"versionEndIncluding\":\"4.3.0.6.0\",\"matchCriteriaId\":\"51309958-121D-4649-AB9A-EBFA3A49F7CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5435B365-BFF3-4A9E-B45C-42D8F1E20FB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F906F04-39E4-4BE4-8A73-9D058AAADB43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B393A82-476A-4270-A903-38ED4169E431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40B13B7-68B3-4510-968C-6A730EB46462\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e\",\"source\":\"security@apache.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4317\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0057\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0194\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0804\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0805\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0806\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0811\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E\
",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thr
ead.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%
40%3Ccommits.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4317\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0194\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0804\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0805\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0806\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0811\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec1
80001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E\",\"source\
":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.a
pache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
FKIE_CVE-2019-10086
Vulnerability from fkie_nvd - Published: 2019-08-20 21:15 - Updated: 2024-11-21 04:18
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0491CF4-E0CF-45FC-962E-92E32E2C3C80",
"versionEndIncluding": "1.9.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:nifi:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28B78CAF-8752-4963-9E5E-B22AE2034A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:nifi:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8C187CC-B24E-4DD1-A184-5ADC8A920D08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0FEFCDD-A212-4525-B449-2C4A00A0D2E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:e-business_suite:*:*",
"matchCriteriaId": "86527C36-B25B-429D-9506-8899918D8C76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:sap:*:*",
"matchCriteriaId": "E4C94F08-3C74-477E-9715-CABE3A3E3A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*",
"matchCriteriaId": "5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:sap:*:*",
"matchCriteriaId": "AEB46F47-012E-4C1B-AF76-458197482585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2BEE49E-A5AA-42D3-B422-460454505480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
"versionEndExcluding": "21.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "55E0B453-E528-43AF-8244-7C4B201921D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D3732921-FEA4-4B50-A1C9-13BC13F64C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFFAD49-21CB-4554-870F-31D0AB0E7366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9A5185-F623-48C2-8364-A3303D1566DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A298F7E8-0E0B-49EA-B952-C7BB2275EA67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93BE4838-1144-4A6A-ABDB-F2766E64C91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B54457C-8305-4F82-BE1E-DBA030A8E676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C756C62B-E655-4770-8E85-B1995889E416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0912F464-5F38-4BBB-9E68-65CE34306E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCB9E3-883D-4C1F-9785-2E182BA47B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "00E9A2B1-7562-4E6B-AE25-1B647F24EFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "727DF4F5-3D21-491E-96B9-EC973A6C9C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32595B1B-ADAE-4930-AF88-910121EE8310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCE1968-016C-43C1-9EE1-FD9F978B688F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5DBF4C-84BB-4537-BD8D-E10C5A4B69F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "517ADEF7-97A4-4A3F-874D-5D1B25FA24D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2177A5E9-B260-499E-8D60-920679518425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B43A9C25-CBB7-42C8-99AF-0ED8208F315E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9059A907-508B-4844-8D7B-0FA68C0DF6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C5D8850-6CA4-44D9-8763-6E94ED3A7EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67976376-4DD9-4DFD-9C13-59F0279CA2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A1817C30-7B0B-441A-9567-B8DD7C6E646C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "95D6A426-B914-401F-9AB0-5F5E3A3FE138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:1.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72B87E98-5FB9-42AA-B056-77EFD2A6CC06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A366B8-1B5C-4C9E-A761-1AB1547D7404",
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1975B24B-BCFE-4418-A496-B5B9F0CF5D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCA7DD9-8599-4E43-9D82-999BE15483B9",
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8CE8CCE2-4151-4724-B3B5-01E5223D3B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB3BE9F-44AC-4EE0-9E66-2B72CF4AF0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "99BA317E-3C52-4BAF-B61C-803B7208C155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "929638B0-AAD1-4326-9549-2FA8D03AA7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32",
"versionEndIncluding": "16.2.11",
"versionStartIncluding": "16.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA6FCD1C-9093-4630-8016-B70F25C34358",
"versionEndIncluding": "17.12.6",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:real-time_decisions_solutions:3.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "456A6845-ACE0-4553-8350-A5E624B99EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48E25E7C-F7E8-4739-8251-00ACD11C12FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:5.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "910D3825-F28D-4C6C-B7D6-D8A92BCAB65B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "891E192D-BA12-4D89-8D18-C93D2F26A369",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:14.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7A1B92-41CE-4DD8-B0BB-992296DDBB2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC5F424-119D-4C66-8251-E735EEFBC0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5599457B-66C6-4549-8B1F-669EB3D3D2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:solaris_cluster:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5B450108-E2A5-4F01-AF06-47AD1A5BDFE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19A74710-0E0F-4123-A64C-0684824D13CA",
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
"versionEndIncluding": "4.3.0.6.0",
"versionStartIncluding": "4.3.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean."
},
{
"lang": "es",
"value": "En Apache Commons Beanutils 1.9.2, se agreg\u00f3 una clase especial BeanIntrospector que permite suprimir la capacidad de un atacante para acceder al cargador de clases a trav\u00e9s de la propiedad de clase disponible en todos los objetos Java. Sin embargo, no se esta usando esta caracter\u00edstica por defecto de PropertyUtilsBean."
}
],
"id": "CVE-2019-10086",
"lastModified": "2024-11-21T04:18:22.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-20T21:15:12.057",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"source": "security@apache.org",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"source": "security@apache.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "security@apache.org",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-6PHF-73Q6-GH87
Vulnerability from github – Published: 2020-06-15 20:36 – Updated: 2022-02-08 22:07
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "commons-beanutils:commons-beanutils"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10086"
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-11T15:08:49Z",
"nvd_published_at": "2019-08-20T21:15:00Z",
"severity": "HIGH"
},
"details": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.",
"id": "GHSA-6phf-73q6-gh87",
"modified": "2022-02-08T22:07:58Z",
"published": "2020-06-15T20:36:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/commons-beanutils"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"type": "WEB",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Insecure Deserialization in Apache Commons Beanutils"
}
GSD-2019-10086
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2019-10086",
"description": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.",
"id": "GSD-2019-10086",
"references": [
"https://www.suse.com/security/cve/CVE-2019-10086.html",
"https://access.redhat.com/errata/RHSA-2020:3587",
"https://access.redhat.com/errata/RHSA-2020:3247",
"https://access.redhat.com/errata/RHSA-2020:3197",
"https://access.redhat.com/errata/RHSA-2020:3192",
"https://access.redhat.com/errata/RHSA-2020:2740",
"https://access.redhat.com/errata/RHSA-2020:2619",
"https://access.redhat.com/errata/RHSA-2020:2333",
"https://access.redhat.com/errata/RHSA-2020:2321",
"https://access.redhat.com/errata/RHSA-2020:2067",
"https://access.redhat.com/errata/RHSA-2020:1454",
"https://access.redhat.com/errata/RHSA-2020:1308",
"https://access.redhat.com/errata/RHSA-2020:0951",
"https://access.redhat.com/errata/RHSA-2020:0899",
"https://access.redhat.com/errata/RHSA-2020:0811",
"https://access.redhat.com/errata/RHSA-2020:0806",
"https://access.redhat.com/errata/RHSA-2020:0805",
"https://access.redhat.com/errata/RHSA-2020:0804",
"https://access.redhat.com/errata/RHBA-2020:0496",
"https://access.redhat.com/errata/RHSA-2020:0194",
"https://access.redhat.com/errata/RHSA-2020:0057",
"https://access.redhat.com/errata/RHSA-2019:4317",
"https://advisories.mageia.org/CVE-2019-10086.html",
"https://linux.oracle.com/cve/CVE-2019-10086.html",
"https://ubuntu.com/security/CVE-2019-10086"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-10086"
],
"details": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.",
"id": "GSD-2019-10086",
"modified": "2023-12-13T01:23:59.762606Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-10086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Commons Beanutils",
"version": {
"version_data": [
{
"version_value": "Apache Commons Beanutils 1.0 to 1.9.3"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e"
},
{
"name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2058",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E"
},
{
"name": "FEDORA-2019-bcad44b5d6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"name": "FEDORA-2019-79b5790566",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"name": "RHSA-2019:4317",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"name": "RHSA-2020:0057",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"name": "RHSA-2020:0194",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"name": "RHSA-2020:0806",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.9.3]",
"affected_versions": "All versions up to 1.9.3",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-502",
"CWE-937"
],
"date": "2019-09-03",
"description": "In Apache Commons Beanutils, a special `BeanIntrospector` class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.",
"fixed_versions": [
"1.9.4"
],
"identifier": "CVE-2019-10086",
"identifiers": [
"CVE-2019-10086"
],
"not_impacted": "All versions after 1.9.3",
"package_slug": "maven/commons-beanutils/commons-beanutils",
"pubdate": "2019-08-20",
"solution": "Upgrade to version 1.9.4 or above.",
"title": "Deserialization of Untrusted Data",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-10086",
"http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e",
"https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E"
],
"uuid": "b1794c16-e802-4be1-9778-372d79481103"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.9.3",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:nifi:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:nifi:1.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.3.0.6.0",
"versionStartIncluding": "4.3.0.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "16.2.11",
"versionStartIncluding": "16.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.6",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.5.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:e-business_suite:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:insurance_data_gateway:1.0.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:7.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:healthcare_foundation:8.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:solaris_cluster:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_merchandising_system:5.0.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:real-time_decisions_solutions:3.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-10086"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e"
},
{
"name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
},
{
"name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "openSUSE-SU-2019:2058",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
},
{
"name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E"
},
{
"name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E"
},
{
"name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E"
},
{
"name": "FEDORA-2019-79b5790566",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
},
{
"name": "FEDORA-2019-bcad44b5d6",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
},
{
"name": "RHSA-2019:4317",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"name": "RHSA-2020:0057",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "RHSA-2020:0194",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"name": "RHSA-2020:0811",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "RHSA-2020:0806",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E"
},
{
"name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
},
"lastModifiedDate": "2022-07-25T18:15Z",
"publishedDate": "2019-08-20T21:15Z"
}
}
}
NCSC-2024-0294
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:52 - Updated: 2024-07-17 13:52

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| communications_asap (oracle) | cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:* | — | |
| communications_asap (oracle) | cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:* | — | |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Communications.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
},
{
"category": "general",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
},
{
"category": "general",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Multiple Interpretations of UI Input",
"title": "CWE-450"
},
{
"category": "general",
"text": "Incomplete Cleanup",
"title": "CWE-459"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41184"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48174"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37920"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5685"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0450"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22019"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22257"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22262"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23672"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23807"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23897"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24549"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25062"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25710"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26130"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27316"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28182"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28752"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2961"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34064"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34069"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications",
"tracking": {
"current_release_date": "2024-07-17T13:52:53.293003Z",
"id": "NCSC-2024-0294",
"initial_release_date": "2024-07-17T13:52:53.293003Z",
"revision_history": [
{
"date": "2024-07-17T13:52:53.293003Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "communications_asap",
"product": {
"name": "communications_asap",
"product_id": "CSAFPID-204629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "communications_asap",
"product": {
"name": "communications_asap",
"product_id": "CSAFPID-816792",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-10086",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-10086.json"
}
],
"title": "CVE-2019-10086"
},
{
"cve": "CVE-2021-29425",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-29425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29425.json"
}
],
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-37533",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-37533",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2021-37533"
},
{
"cve": "CVE-2021-41184",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-41184",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-204629",
"CSAFPID-816792"
]
}
],
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2022-34169",
"cwe": {
"id": "CWE-192",
"name": "Integer Coercion Error"
},
"notes": [
{
"category": "other",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "other",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
}
],
"product_status": {
"known_affected": [
"CSAFPID-204629",
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-34169",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json"
}
],
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-36033",
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-36033",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-42890",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-42890",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42890.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-48174",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-48174",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2022-48174"
},
{
"cve": "CVE-2023-5685",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5685",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-5685"
},
{
"cve": "CVE-2023-24998",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-24998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json"
}
],
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-33201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-37920",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "Insufficient Verification of Data Authenticity",
"title": "CWE-345"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-37920",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-37920"
},
{
"cve": "CVE-2023-44487",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-44487",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-51775",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-51775",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-51775"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52425",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-0450",
"cwe": {
"id": "CWE-450",
"name": "Multiple Interpretations of UI Input"
},
"notes": [
{
"category": "other",
"text": "Multiple Interpretations of UI Input",
"title": "CWE-450"
},
{
"category": "other",
"text": "Asymmetric Resource Consumption (Amplification)",
"title": "CWE-405"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-0450",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2961",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-6162",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6162",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-6162"
},
{
"cve": "CVE-2024-22019",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22019",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22019.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22019"
},
{
"cve": "CVE-2024-22201",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22201"
},
{
"cve": "CVE-2024-22234",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22234",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22234"
},
{
"cve": "CVE-2024-22257",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22257",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-23672",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"notes": [
{
"category": "other",
"text": "Incomplete Cleanup",
"title": "CWE-459"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23672",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-23807",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23807",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2024-23897",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"title": "CWE-88"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23897",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23897.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-23897"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-25710",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25710",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26130",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26130",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26308",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26308",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-27316",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-27316",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27316.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-27316"
},
{
"cve": "CVE-2024-28182",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Detection of Error Condition Without Action",
"title": "CWE-390"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28182",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28752",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28752",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28752.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28752"
},
{
"cve": "CVE-2024-28849",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28849",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29025",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-29025",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json"
}
],
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-34064",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34064",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-34064"
},
{
"cve": "CVE-2024-34069",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "other",
"text": "Cross-Site Request Forgery (CSRF)",
"title": "CWE-352"
}
],
"product_status": {
"known_affected": [
"CSAFPID-816792"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34069",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34069.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-816792"
]
}
],
"title": "CVE-2024-34069"
}
]
}
OPENSUSE-SU-2019:2058-1
Vulnerability from csaf_opensuse - Published: 2019-09-02 18:18 - Updated: 2019-09-02 18:18
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.0:apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch | — | | Vendor Fix |
| Unresolved product id: openSUSE Leap 15.1:apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apache-commons-beanutils",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apache-commons-beanutils fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-10086: Added special BeanIntrospector class which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects (bsc#1146657).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-2058",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_2058-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:2058-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZY7XA5ODCMNPHIE2KXBFLLPP6RFCHE62/#ZY7XA5ODCMNPHIE2KXBFLLPP6RFCHE62"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:2058-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZY7XA5ODCMNPHIE2KXBFLLPP6RFCHE62/#ZY7XA5ODCMNPHIE2KXBFLLPP6RFCHE62"
},
{
"category": "self",
"summary": "SUSE Bug 1146657",
"url": "https://bugzilla.suse.com/1146657"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10086 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10086/"
}
],
"title": "Security update for apache-commons-beanutils",
"tracking": {
"current_release_date": "2019-09-02T18:18:58Z",
"generator": {
"date": "2019-09-02T18:18:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:2058-1",
"initial_release_date": "2019-09-02T18:18:58Z",
"revision_history": [
{
"date": "2019-09-02T18:18:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch",
"product": {
"name": "apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch",
"product_id": "apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch",
"product": {
"name": "apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch",
"product_id": "apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch"
},
"product_reference": "apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch"
},
"product_reference": "apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch"
},
"product_reference": "apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch"
},
"product_reference": "apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10086"
}
],
"notes": [
{
"category": "general",
"text": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.0:apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10086",
"url": "https://www.suse.com/security/cve/CVE-2019-10086"
},
{
"category": "external",
"summary": "SUSE Bug 1146657 for CVE-2019-10086",
"url": "https://bugzilla.suse.com/1146657"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.0:apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.0:apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:apache-commons-beanutils-1.9.2-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:apache-commons-beanutils-javadoc-1.9.2-lp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-09-02T18:18:58Z",
"details": "important"
}
],
"title": "CVE-2019-10086"
}
]
}
OPENSUSE-SU-2024:10617-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "apache-commons-beanutils-1.9.4-3.7 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the apache-commons-beanutils-1.9.4-3.7 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10617",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10617-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-0114 page",
"url": "https://www.suse.com/security/cve/CVE-2014-0114/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-4852 page",
"url": "https://www.suse.com/security/cve/CVE-2015-4852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10086 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10086/"
}
],
"title": "apache-commons-beanutils-1.9.4-3.7 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10617-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-beanutils-1.9.4-3.7.aarch64",
"product": {
"name": "apache-commons-beanutils-1.9.4-3.7.aarch64",
"product_id": "apache-commons-beanutils-1.9.4-3.7.aarch64"
}
},
{
"category": "product_version",
"name": "apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64",
"product": {
"name": "apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64",
"product_id": "apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-beanutils-1.9.4-3.7.ppc64le",
"product": {
"name": "apache-commons-beanutils-1.9.4-3.7.ppc64le",
"product_id": "apache-commons-beanutils-1.9.4-3.7.ppc64le"
}
},
{
"category": "product_version",
"name": "apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le",
"product": {
"name": "apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le",
"product_id": "apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-beanutils-1.9.4-3.7.s390x",
"product": {
"name": "apache-commons-beanutils-1.9.4-3.7.s390x",
"product_id": "apache-commons-beanutils-1.9.4-3.7.s390x"
}
},
{
"category": "product_version",
"name": "apache-commons-beanutils-javadoc-1.9.4-3.7.s390x",
"product": {
"name": "apache-commons-beanutils-javadoc-1.9.4-3.7.s390x",
"product_id": "apache-commons-beanutils-javadoc-1.9.4-3.7.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-beanutils-1.9.4-3.7.x86_64",
"product": {
"name": "apache-commons-beanutils-1.9.4-3.7.x86_64",
"product_id": "apache-commons-beanutils-1.9.4-3.7.x86_64"
}
},
{
"category": "product_version",
"name": "apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64",
"product": {
"name": "apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64",
"product_id": "apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-1.9.4-3.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.aarch64"
},
"product_reference": "apache-commons-beanutils-1.9.4-3.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-1.9.4-3.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.ppc64le"
},
"product_reference": "apache-commons-beanutils-1.9.4-3.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-1.9.4-3.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.s390x"
},
"product_reference": "apache-commons-beanutils-1.9.4-3.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-1.9.4-3.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.x86_64"
},
"product_reference": "apache-commons-beanutils-1.9.4-3.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64"
},
"product_reference": "apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le"
},
"product_reference": "apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-1.9.4-3.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.s390x"
},
"product_reference": "apache-commons-beanutils-javadoc-1.9.4-3.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64"
},
"product_reference": "apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-0114",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-0114"
}
],
"notes": [
{
"category": "general",
"text": "Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.x86_64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-0114",
"url": "https://www.suse.com/security/cve/CVE-2014-0114"
},
{
"category": "external",
"summary": "SUSE Bug 778464 for CVE-2014-0114",
"url": "https://bugzilla.suse.com/778464"
},
{
"category": "external",
"summary": "SUSE Bug 875455 for CVE-2014-0114",
"url": "https://bugzilla.suse.com/875455"
},
{
"category": "external",
"summary": "SUSE Bug 885963 for CVE-2014-0114",
"url": "https://bugzilla.suse.com/885963"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.x86_64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2014-0114"
},
{
"cve": "CVE-2015-4852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-4852"
}
],
"notes": [
{
"category": "general",
"text": "The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.x86_64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-4852",
"url": "https://www.suse.com/security/cve/CVE-2015-4852"
},
{
"category": "external",
"summary": "SUSE Bug 954102 for CVE-2015-4852",
"url": "https://bugzilla.suse.com/954102"
},
{
"category": "external",
"summary": "SUSE Bug 955853 for CVE-2015-4852",
"url": "https://bugzilla.suse.com/955853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.x86_64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.x86_64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2015-4852"
},
{
"cve": "CVE-2019-10086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10086"
}
],
"notes": [
{
"category": "general",
"text": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.x86_64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10086",
"url": "https://www.suse.com/security/cve/CVE-2019-10086"
},
{
"category": "external",
"summary": "SUSE Bug 1146657 for CVE-2019-10086",
"url": "https://bugzilla.suse.com/1146657"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.x86_64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-1.9.4-3.7.x86_64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.9.4-3.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-10086"
}
]
}
RHBA-2020:0496
Vulnerability from csaf_redhat - Published: 2020-02-13 15:00 - Updated: 2026-05-14 18:25
A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Capsule66:foreman-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-0:1.22.0.36-1.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-cli-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-debug-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-ec2-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-gce-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-installer-1:1.22.0.17-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-installer-1:1.22.0.17-1.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-journald-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-libvirt-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-openstack-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-ovirt-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-postgresql-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-proxy-content-0:3.12.0-3.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-rackspace-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-telemetry-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:foreman-vmware-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:katello-0:3.12.0-3.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:katello-0:3.12.0-3.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:katello-common-0:3.12.0-3.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:katello-debug-0:3.12.0-3.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:katello-service-0:3.12.0-3.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:satellite-0:6.6.2-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:satellite-0:6.6.2-1.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:satellite-capsule-0:6.6.2-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:satellite-cli-0:6.6.2-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:satellite-common-0:6.6.2-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Capsule66:satellite-debug-tools-0:6.6.2-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:candlepin-0:2.6.13-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:candlepin-0:2.6.13-1.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:candlepin-selinux-0:2.6.13-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-0:1.22.0.36-1.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-cli-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-debug-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-ec2-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-gce-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-installer-1:1.22.0.17-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-installer-1:1.22.0.17-1.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-journald-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-libvirt-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-openstack-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-ovirt-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-postgresql-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-proxy-content-0:3.12.0-3.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-rackspace-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-telemetry-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:foreman-vmware-0:1.22.0.36-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:katello-0:3.12.0-3.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:katello-0:3.12.0-3.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:katello-common-0:3.12.0-3.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:katello-debug-0:3.12.0-3.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:katello-service-0:3.12.0-3.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:satellite-0:6.6.2-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:satellite-0:6.6.2-1.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:satellite-capsule-0:6.6.2-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:satellite-cli-0:6.6.2-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:satellite-common-0:6.6.2-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:satellite-debug-tools-0:6.6.2-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:tfm-rubygem-katello-0:3.12.0.37-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:tfm-rubygem-katello-0:3.12.0.37-1.el7sat.src | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:tfm-rubygem-runcible-0:2.12.1-1.el7sat.noarch | — | | Vendor Fix / fix / Workaround |
| Unresolved product id: 7Server-Satellite66:tfm-rubygem-runcible-0:2.12.1-1.el7sat.src | — | | Vendor Fix / fix / Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Satellite 6.6 packages that fix several bugs are now available for Red Hat Satellite.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.\n\nThis update fixes the following bugs:\n\n* A virt-who hypervisor update was blocking the RHSM certs check for several minutes, which caused `503` errors and connection timeouts. (BZ#1791492)\n\n* Content synchronization was failing with the following error: PG::ProtocolViolation: ERROR: invalid message format. (BZ#1791493)\n\n* To improve performance and prevent problems with hanging tasks, the `Actions::Katello::Host::Update` action is no longer handled by dynflow. (BZ#1791494)\n\n* There was a problem preventing Foreman rake batch cleanups that resulted in the following error: ERROR: invalid message format. (BZ#1791495)\n\n* The comps.xml file was missing environment groups information from the repositories inside a Content View. (BZ#1791496)\n\n* Attempting to clean orphaned facts was failing with the following error: NoMethodError: undefined method `map\u0027 for nil:NilClass. (BZ#1791498)\n\n* The Puppet module `puppet-access_insights_client` was generating excessive load in large Satellite deployments. (BZ#1791499)\n\n* Escape backslashes were being added to the value each time an Ansible array variable was edited. (BZ#1791500) \n\n* The satellite-change-hostname command was failing with the error: \"illegal option -- r\". (BZ#1791501)\n\n* Red Hat Satellite Tools 6.5 repository for RHEL 8 was not appearing as selected in the Satellite web UI. (BZ#1791502)\n\n* Upgrade katello-ca-consumer RPM was causing the rhsm.conf file to point back to the Customer Portal. (BZ#1791503)\n\n* The virt-who hypervisor update jobs were failing with a duplicate entry for the cp_consumer_hypervisor_ukey key. (BZ#1791504)\n\n* Client registration performance times on Satellite 6.5 were slow. (BZ#1791505)\n\n* The RHSM facts for a host remained after removing registration for that host. This caused reregistering the host to fail. (BZ#1791506)\n\n* An error prevented the registration of hosts with a bonded primary interface. (BZ#1791879)\n\n* While updating stacked entitlements, the Candlepin service was hanging on ExpiredPoolsJob step indefinitely. (BZ#1794583)\n\nUsers of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2020:0496",
"url": "https://access.redhat.com/errata/RHBA-2020:0496"
},
{
"category": "external",
"summary": "1791492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791492"
},
{
"category": "external",
"summary": "1791493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791493"
},
{
"category": "external",
"summary": "1791494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791494"
},
{
"category": "external",
"summary": "1791495",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791495"
},
{
"category": "external",
"summary": "1791496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791496"
},
{
"category": "external",
"summary": "1791498",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791498"
},
{
"category": "external",
"summary": "1791499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791499"
},
{
"category": "external",
"summary": "1791500",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791500"
},
{
"category": "external",
"summary": "1791501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791501"
},
{
"category": "external",
"summary": "1791502",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791502"
},
{
"category": "external",
"summary": "1791503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791503"
},
{
"category": "external",
"summary": "1791504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791504"
},
{
"category": "external",
"summary": "1791505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791505"
},
{
"category": "external",
"summary": "1791506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791506"
},
{
"category": "external",
"summary": "1791879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791879"
},
{
"category": "external",
"summary": "1794583",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1794583"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhba-2020_0496.json"
}
],
"title": "Red Hat Bug Fix Advisory: Satellite 6.6.2 Async Bug Fix Update",
"tracking": {
"current_release_date": "2026-05-14T18:25:14+00:00",
"generator": {
"date": "2026-05-14T18:25:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHBA-2020:0496",
"initial_release_date": "2020-02-13T15:00:46+00:00",
"revision_history": [
{
"date": "2020-02-13T15:00:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-02-13T15:00:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T18:25:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 6.6",
"product": {
"name": "Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite:6.6::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite Capsule 6.6",
"product": {
"name": "Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:satellite_capsule:6.6::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite 6"
},
{
"branches": [
{
"category": "product_version",
"name": "candlepin-0:2.6.13-1.el7sat.noarch",
"product": {
"name": "candlepin-0:2.6.13-1.el7sat.noarch",
"product_id": "candlepin-0:2.6.13-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@2.6.13-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "candlepin-selinux-0:2.6.13-1.el7sat.noarch",
"product": {
"name": "candlepin-selinux-0:2.6.13-1.el7sat.noarch",
"product_id": "candlepin-selinux-0:2.6.13-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin-selinux@2.6.13-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-cli@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-debug@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ec2@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-gce@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-journald@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-libvirt@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-openstack@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-ovirt@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-postgresql@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-rackspace@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-telemetry@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"product": {
"name": "foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"product_id": "foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-vmware@1.22.0.36-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"product": {
"name": "foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"product_id": "foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@1.22.0.17-1.el7sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"product": {
"name": "foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"product_id": "foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer-katello@1.22.0.17-1.el7sat?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"product": {
"name": "foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"product_id": "foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-proxy-content@3.12.0-3.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "katello-0:3.12.0-3.el7sat.noarch",
"product": {
"name": "katello-0:3.12.0-3.el7sat.noarch",
"product_id": "katello-0:3.12.0-3.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/katello@3.12.0-3.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "katello-common-0:3.12.0-3.el7sat.noarch",
"product": {
"name": "katello-common-0:3.12.0-3.el7sat.noarch",
"product_id": "katello-common-0:3.12.0-3.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/katello-common@3.12.0-3.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "katello-debug-0:3.12.0-3.el7sat.noarch",
"product": {
"name": "katello-debug-0:3.12.0-3.el7sat.noarch",
"product_id": "katello-debug-0:3.12.0-3.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/katello-debug@3.12.0-3.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "katello-service-0:3.12.0-3.el7sat.noarch",
"product": {
"name": "katello-service-0:3.12.0-3.el7sat.noarch",
"product_id": "katello-service-0:3.12.0-3.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/katello-service@3.12.0-3.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"product": {
"name": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"product_id": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-access-insights-puppet@1.0.1-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.6.2-1.el7sat.noarch",
"product": {
"name": "satellite-0:6.6.2-1.el7sat.noarch",
"product_id": "satellite-0:6.6.2-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.6.2-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-capsule-0:6.6.2-1.el7sat.noarch",
"product": {
"name": "satellite-capsule-0:6.6.2-1.el7sat.noarch",
"product_id": "satellite-capsule-0:6.6.2-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-capsule@6.6.2-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-cli-0:6.6.2-1.el7sat.noarch",
"product": {
"name": "satellite-cli-0:6.6.2-1.el7sat.noarch",
"product_id": "satellite-cli-0:6.6.2-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-cli@6.6.2-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-common-0:6.6.2-1.el7sat.noarch",
"product": {
"name": "satellite-common-0:6.6.2-1.el7sat.noarch",
"product_id": "satellite-common-0:6.6.2-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-common@6.6.2-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"product": {
"name": "satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"product_id": "satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite-debug-tools@6.6.2-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-katello-0:3.12.0.37-1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-katello-0:3.12.0.37-1.el7sat.noarch",
"product_id": "tfm-rubygem-katello-0:3.12.0.37-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-katello@3.12.0.37-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-runcible-0:2.12.1-1.el7sat.noarch",
"product": {
"name": "tfm-rubygem-runcible-0:2.12.1-1.el7sat.noarch",
"product_id": "tfm-rubygem-runcible-0:2.12.1-1.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-runcible@2.12.1-1.el7sat?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.noarch",
"product": {
"name": "tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.noarch",
"product_id": "tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-foreman_ansible@3.0.7.2-2.el7sat?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "candlepin-0:2.6.13-1.el7sat.src",
"product": {
"name": "candlepin-0:2.6.13-1.el7sat.src",
"product_id": "candlepin-0:2.6.13-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/candlepin@2.6.13-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-0:1.22.0.36-1.el7sat.src",
"product": {
"name": "foreman-0:1.22.0.36-1.el7sat.src",
"product_id": "foreman-0:1.22.0.36-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman@1.22.0.36-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "foreman-installer-1:1.22.0.17-1.el7sat.src",
"product": {
"name": "foreman-installer-1:1.22.0.17-1.el7sat.src",
"product_id": "foreman-installer-1:1.22.0.17-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/foreman-installer@1.22.0.17-1.el7sat?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "katello-0:3.12.0-3.el7sat.src",
"product": {
"name": "katello-0:3.12.0-3.el7sat.src",
"product_id": "katello-0:3.12.0-3.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/katello@3.12.0-3.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"product": {
"name": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"product_id": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/redhat-access-insights-puppet@1.0.1-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "satellite-0:6.6.2-1.el7sat.src",
"product": {
"name": "satellite-0:6.6.2-1.el7sat.src",
"product_id": "satellite-0:6.6.2-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/satellite@6.6.2-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-katello-0:3.12.0.37-1.el7sat.src",
"product": {
"name": "tfm-rubygem-katello-0:3.12.0.37-1.el7sat.src",
"product_id": "tfm-rubygem-katello-0:3.12.0.37-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-katello@3.12.0.37-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-runcible-0:2.12.1-1.el7sat.src",
"product": {
"name": "tfm-rubygem-runcible-0:2.12.1-1.el7sat.src",
"product_id": "tfm-rubygem-runcible-0:2.12.1-1.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-runcible@2.12.1-1.el7sat?arch=src"
}
}
},
{
"category": "product_version",
"name": "tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.src",
"product": {
"name": "tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.src",
"product_id": "tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tfm-rubygem-foreman_ansible@3.0.7.2-2.el7sat?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:1.22.0.36-1.el7sat.src as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-0:1.22.0.36-1.el7sat.src"
},
"product_reference": "foreman-0:1.22.0.36-1.el7sat.src",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-cli-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-debug-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-ec2-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-gce-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:1.22.0.17-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-installer-1:1.22.0.17-1.el7sat.noarch"
},
"product_reference": "foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:1.22.0.17-1.el7sat.src as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-installer-1:1.22.0.17-1.el7sat.src"
},
"product_reference": "foreman-installer-1:1.22.0.17-1.el7sat.src",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch"
},
"product_reference": "foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-journald-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-libvirt-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-openstack-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-ovirt-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-postgresql-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-content-0:3.12.0-3.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-proxy-content-0:3.12.0-3.el7sat.noarch"
},
"product_reference": "foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-rackspace-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-rackspace-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-telemetry-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:foreman-vmware-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "katello-0:3.12.0-3.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:katello-0:3.12.0-3.el7sat.noarch"
},
"product_reference": "katello-0:3.12.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "katello-0:3.12.0-3.el7sat.src as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:katello-0:3.12.0-3.el7sat.src"
},
"product_reference": "katello-0:3.12.0-3.el7sat.src",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "katello-common-0:3.12.0-3.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:katello-common-0:3.12.0-3.el7sat.noarch"
},
"product_reference": "katello-common-0:3.12.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "katello-debug-0:3.12.0-3.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:katello-debug-0:3.12.0-3.el7sat.noarch"
},
"product_reference": "katello-debug-0:3.12.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "katello-service-0:3.12.0-3.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:katello-service-0:3.12.0-3.el7sat.noarch"
},
"product_reference": "katello-service-0:3.12.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch"
},
"product_reference": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.src as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.src"
},
"product_reference": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.6.2-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:satellite-0:6.6.2-1.el7sat.noarch"
},
"product_reference": "satellite-0:6.6.2-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.6.2-1.el7sat.src as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:satellite-0:6.6.2-1.el7sat.src"
},
"product_reference": "satellite-0:6.6.2-1.el7sat.src",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.6.2-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:satellite-capsule-0:6.6.2-1.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.6.2-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.6.2-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:satellite-cli-0:6.6.2-1.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.6.2-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.6.2-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:satellite-common-0:6.6.2-1.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.6.2-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-debug-tools-0:6.6.2-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.6",
"product_id": "7Server-Capsule66:satellite-debug-tools-0:6.6.2-1.el7sat.noarch"
},
"product_reference": "satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Capsule66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:2.6.13-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:candlepin-0:2.6.13-1.el7sat.noarch"
},
"product_reference": "candlepin-0:2.6.13-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-0:2.6.13-1.el7sat.src as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:candlepin-0:2.6.13-1.el7sat.src"
},
"product_reference": "candlepin-0:2.6.13-1.el7sat.src",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "candlepin-selinux-0:2.6.13-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:candlepin-selinux-0:2.6.13-1.el7sat.noarch"
},
"product_reference": "candlepin-selinux-0:2.6.13-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-0:1.22.0.36-1.el7sat.src as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-0:1.22.0.36-1.el7sat.src"
},
"product_reference": "foreman-0:1.22.0.36-1.el7sat.src",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-cli-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-cli-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-debug-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-debug-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ec2-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-ec2-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-gce-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-gce-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:1.22.0.17-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-installer-1:1.22.0.17-1.el7sat.noarch"
},
"product_reference": "foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-1:1.22.0.17-1.el7sat.src as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-installer-1:1.22.0.17-1.el7sat.src"
},
"product_reference": "foreman-installer-1:1.22.0.17-1.el7sat.src",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch"
},
"product_reference": "foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-journald-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-journald-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-libvirt-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-libvirt-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-openstack-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-openstack-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-ovirt-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-ovirt-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-postgresql-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-postgresql-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-proxy-content-0:3.12.0-3.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-proxy-content-0:3.12.0-3.el7sat.noarch"
},
"product_reference": "foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-rackspace-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-rackspace-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-telemetry-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-telemetry-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "foreman-vmware-0:1.22.0.36-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:foreman-vmware-0:1.22.0.36-1.el7sat.noarch"
},
"product_reference": "foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "katello-0:3.12.0-3.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:katello-0:3.12.0-3.el7sat.noarch"
},
"product_reference": "katello-0:3.12.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "katello-0:3.12.0-3.el7sat.src as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:katello-0:3.12.0-3.el7sat.src"
},
"product_reference": "katello-0:3.12.0-3.el7sat.src",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "katello-common-0:3.12.0-3.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:katello-common-0:3.12.0-3.el7sat.noarch"
},
"product_reference": "katello-common-0:3.12.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "katello-debug-0:3.12.0-3.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:katello-debug-0:3.12.0-3.el7sat.noarch"
},
"product_reference": "katello-debug-0:3.12.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "katello-service-0:3.12.0-3.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:katello-service-0:3.12.0-3.el7sat.noarch"
},
"product_reference": "katello-service-0:3.12.0-3.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch"
},
"product_reference": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.src as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.src"
},
"product_reference": "redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.6.2-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:satellite-0:6.6.2-1.el7sat.noarch"
},
"product_reference": "satellite-0:6.6.2-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-0:6.6.2-1.el7sat.src as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:satellite-0:6.6.2-1.el7sat.src"
},
"product_reference": "satellite-0:6.6.2-1.el7sat.src",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-capsule-0:6.6.2-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:satellite-capsule-0:6.6.2-1.el7sat.noarch"
},
"product_reference": "satellite-capsule-0:6.6.2-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-cli-0:6.6.2-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:satellite-cli-0:6.6.2-1.el7sat.noarch"
},
"product_reference": "satellite-cli-0:6.6.2-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-common-0:6.6.2-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:satellite-common-0:6.6.2-1.el7sat.noarch"
},
"product_reference": "satellite-common-0:6.6.2-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "satellite-debug-tools-0:6.6.2-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:satellite-debug-tools-0:6.6.2-1.el7sat.noarch"
},
"product_reference": "satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.noarch"
},
"product_reference": "tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.src as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.src"
},
"product_reference": "tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.src",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-katello-0:3.12.0.37-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:tfm-rubygem-katello-0:3.12.0.37-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-katello-0:3.12.0.37-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-katello-0:3.12.0.37-1.el7sat.src as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:tfm-rubygem-katello-0:3.12.0.37-1.el7sat.src"
},
"product_reference": "tfm-rubygem-katello-0:3.12.0.37-1.el7sat.src",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-runcible-0:2.12.1-1.el7sat.noarch as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:tfm-rubygem-runcible-0:2.12.1-1.el7sat.noarch"
},
"product_reference": "tfm-rubygem-runcible-0:2.12.1-1.el7sat.noarch",
"relates_to_product_reference": "7Server-Satellite66"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tfm-rubygem-runcible-0:2.12.1-1.el7sat.src as a component of Red Hat Satellite 6.6",
"product_id": "7Server-Satellite66:tfm-rubygem-runcible-0:2.12.1-1.el7sat.src"
},
"product_reference": "tfm-rubygem-runcible-0:2.12.1-1.el7sat.src",
"relates_to_product_reference": "7Server-Satellite66"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1767483"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Capsule66:foreman-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-0:1.22.0.36-1.el7sat.src",
"7Server-Capsule66:foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"7Server-Capsule66:foreman-installer-1:1.22.0.17-1.el7sat.src",
"7Server-Capsule66:foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"7Server-Capsule66:foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:katello-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:katello-0:3.12.0-3.el7sat.src",
"7Server-Capsule66:katello-common-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:katello-debug-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:katello-service-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"7Server-Capsule66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"7Server-Capsule66:satellite-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-0:6.6.2-1.el7sat.src",
"7Server-Capsule66:satellite-capsule-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-cli-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-common-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:candlepin-0:2.6.13-1.el7sat.noarch",
"7Server-Satellite66:candlepin-0:2.6.13-1.el7sat.src",
"7Server-Satellite66:candlepin-selinux-0:2.6.13-1.el7sat.noarch",
"7Server-Satellite66:foreman-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-0:1.22.0.36-1.el7sat.src",
"7Server-Satellite66:foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"7Server-Satellite66:foreman-installer-1:1.22.0.17-1.el7sat.src",
"7Server-Satellite66:foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"7Server-Satellite66:foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:katello-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:katello-0:3.12.0-3.el7sat.src",
"7Server-Satellite66:katello-common-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:katello-debug-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:katello-service-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"7Server-Satellite66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"7Server-Satellite66:satellite-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-0:6.6.2-1.el7sat.src",
"7Server-Satellite66:satellite-capsule-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-cli-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-common-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.src",
"7Server-Satellite66:tfm-rubygem-katello-0:3.12.0.37-1.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-katello-0:3.12.0.37-1.el7sat.src",
"7Server-Satellite66:tfm-rubygem-runcible-0:2.12.1-1.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-runcible-0:2.12.1-1.el7sat.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10086"
},
{
"category": "external",
"summary": "RHBZ#1767483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt",
"url": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt"
}
],
"release_date": "2019-08-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-02-13T15:00:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.6/html/upgrading_and_updating_red_hat_satellite/updating_satellite_server_capsule_server_and_content_hosts",
"product_ids": [
"7Server-Capsule66:foreman-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-0:1.22.0.36-1.el7sat.src",
"7Server-Capsule66:foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"7Server-Capsule66:foreman-installer-1:1.22.0.17-1.el7sat.src",
"7Server-Capsule66:foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"7Server-Capsule66:foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:katello-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:katello-0:3.12.0-3.el7sat.src",
"7Server-Capsule66:katello-common-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:katello-debug-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:katello-service-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"7Server-Capsule66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"7Server-Capsule66:satellite-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-0:6.6.2-1.el7sat.src",
"7Server-Capsule66:satellite-capsule-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-cli-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-common-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:candlepin-0:2.6.13-1.el7sat.noarch",
"7Server-Satellite66:candlepin-0:2.6.13-1.el7sat.src",
"7Server-Satellite66:candlepin-selinux-0:2.6.13-1.el7sat.noarch",
"7Server-Satellite66:foreman-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-0:1.22.0.36-1.el7sat.src",
"7Server-Satellite66:foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"7Server-Satellite66:foreman-installer-1:1.22.0.17-1.el7sat.src",
"7Server-Satellite66:foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"7Server-Satellite66:foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:katello-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:katello-0:3.12.0-3.el7sat.src",
"7Server-Satellite66:katello-common-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:katello-debug-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:katello-service-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"7Server-Satellite66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"7Server-Satellite66:satellite-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-0:6.6.2-1.el7sat.src",
"7Server-Satellite66:satellite-capsule-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-cli-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-common-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.src",
"7Server-Satellite66:tfm-rubygem-katello-0:3.12.0.37-1.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-katello-0:3.12.0.37-1.el7sat.src",
"7Server-Satellite66:tfm-rubygem-runcible-0:2.12.1-1.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-runcible-0:2.12.1-1.el7sat.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2020:0496"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"7Server-Capsule66:foreman-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-0:1.22.0.36-1.el7sat.src",
"7Server-Capsule66:foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"7Server-Capsule66:foreman-installer-1:1.22.0.17-1.el7sat.src",
"7Server-Capsule66:foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"7Server-Capsule66:foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:katello-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:katello-0:3.12.0-3.el7sat.src",
"7Server-Capsule66:katello-common-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:katello-debug-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:katello-service-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"7Server-Capsule66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"7Server-Capsule66:satellite-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-0:6.6.2-1.el7sat.src",
"7Server-Capsule66:satellite-capsule-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-cli-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-common-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:candlepin-0:2.6.13-1.el7sat.noarch",
"7Server-Satellite66:candlepin-0:2.6.13-1.el7sat.src",
"7Server-Satellite66:candlepin-selinux-0:2.6.13-1.el7sat.noarch",
"7Server-Satellite66:foreman-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-0:1.22.0.36-1.el7sat.src",
"7Server-Satellite66:foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"7Server-Satellite66:foreman-installer-1:1.22.0.17-1.el7sat.src",
"7Server-Satellite66:foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"7Server-Satellite66:foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:katello-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:katello-0:3.12.0-3.el7sat.src",
"7Server-Satellite66:katello-common-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:katello-debug-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:katello-service-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"7Server-Satellite66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"7Server-Satellite66:satellite-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-0:6.6.2-1.el7sat.src",
"7Server-Satellite66:satellite-capsule-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-cli-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-common-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.src",
"7Server-Satellite66:tfm-rubygem-katello-0:3.12.0.37-1.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-katello-0:3.12.0.37-1.el7sat.src",
"7Server-Satellite66:tfm-rubygem-runcible-0:2.12.1-1.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-runcible-0:2.12.1-1.el7sat.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Capsule66:foreman-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-0:1.22.0.36-1.el7sat.src",
"7Server-Capsule66:foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"7Server-Capsule66:foreman-installer-1:1.22.0.17-1.el7sat.src",
"7Server-Capsule66:foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"7Server-Capsule66:foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"7Server-Capsule66:katello-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:katello-0:3.12.0-3.el7sat.src",
"7Server-Capsule66:katello-common-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:katello-debug-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:katello-service-0:3.12.0-3.el7sat.noarch",
"7Server-Capsule66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"7Server-Capsule66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"7Server-Capsule66:satellite-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-0:6.6.2-1.el7sat.src",
"7Server-Capsule66:satellite-capsule-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-cli-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-common-0:6.6.2-1.el7sat.noarch",
"7Server-Capsule66:satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:candlepin-0:2.6.13-1.el7sat.noarch",
"7Server-Satellite66:candlepin-0:2.6.13-1.el7sat.src",
"7Server-Satellite66:candlepin-selinux-0:2.6.13-1.el7sat.noarch",
"7Server-Satellite66:foreman-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-0:1.22.0.36-1.el7sat.src",
"7Server-Satellite66:foreman-cli-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-debug-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-ec2-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-gce-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-installer-1:1.22.0.17-1.el7sat.noarch",
"7Server-Satellite66:foreman-installer-1:1.22.0.17-1.el7sat.src",
"7Server-Satellite66:foreman-installer-katello-1:1.22.0.17-1.el7sat.noarch",
"7Server-Satellite66:foreman-journald-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-libvirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-openstack-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-ovirt-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-postgresql-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-proxy-content-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:foreman-rackspace-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-telemetry-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:foreman-vmware-0:1.22.0.36-1.el7sat.noarch",
"7Server-Satellite66:katello-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:katello-0:3.12.0-3.el7sat.src",
"7Server-Satellite66:katello-common-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:katello-debug-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:katello-service-0:3.12.0-3.el7sat.noarch",
"7Server-Satellite66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.noarch",
"7Server-Satellite66:redhat-access-insights-puppet-0:1.0.1-1.el7sat.src",
"7Server-Satellite66:satellite-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-0:6.6.2-1.el7sat.src",
"7Server-Satellite66:satellite-capsule-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-cli-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-common-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:satellite-debug-tools-0:6.6.2-1.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-foreman_ansible-0:3.0.7.2-2.el7sat.src",
"7Server-Satellite66:tfm-rubygem-katello-0:3.12.0.37-1.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-katello-0:3.12.0.37-1.el7sat.src",
"7Server-Satellite66:tfm-rubygem-runcible-0:2.12.1-1.el7sat.noarch",
"7Server-Satellite66:tfm-rubygem-runcible-0:2.12.1-1.el7sat.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default"
}
]
}
RHSA-2019:4317
Vulnerability from csaf_redhat - Published: 2019-12-18 15:32 - Updated: 2026-05-14 22:24

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src | — | | Vendor Fix (fix); Workaround |
| Unresolved product id: 7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch | — | | Vendor Fix (fix); Workaround |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-maven35-apache-commons-beanutils is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The rh-maven35-apache-commons-beanutils package provides Java utility methods for accessing and modifying properties of arbitrary JavaBeans.\n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:4317",
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1767483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_4317.json"
}
],
"title": "Red Hat Security Advisory: rh-maven35-apache-commons-beanutils security update",
"tracking": {
"current_release_date": "2026-05-14T22:24:58+00:00",
"generator": {
"date": "2026-05-14T22:24:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2019:4317",
"initial_release_date": "2019-12-18T15:32:11+00:00",
"revision_history": [
{
"date": "2019-12-18T15:32:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-12-18T15:32:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:24:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.4-7.5.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.4-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.4-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"product": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"product_id": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-maven35-apache-commons-beanutils@1.9.3-2.3.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"product": {
"name": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"product_id": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-maven35-apache-commons-beanutils-javadoc@1.9.3-2.3.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"product": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"product_id": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-maven35-apache-commons-beanutils@1.9.3-2.3.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src"
},
"product_reference": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"relates_to_product_reference": "7Server-Alt-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src"
},
"product_reference": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src"
},
"product_reference": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src"
},
"product_reference": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src"
},
"product_reference": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src"
},
"product_reference": "rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch"
},
"product_reference": "rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1767483"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10086"
},
{
"category": "external",
"summary": "RHBZ#1767483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt",
"url": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt"
}
],
"release_date": "2019-08-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-12-18T15:32:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:4317"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-Alt-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4-7.5.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4-7.6.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4-7.7.Z:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Server-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch",
"7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.noarch",
"7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-0:1.9.3-2.3.el7.src",
"7Workstation-RHSCL-3.4:rh-maven35-apache-commons-beanutils-javadoc-0:1.9.3-2.3.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default"
}
]
}
RHSA-2020:0057
Vulnerability from csaf_redhat - Published: 2020-01-08 11:21 - Updated: 2026-05-14 22:25

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch | — | | Vendor Fix, Workaround |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rh-java-common-apache-commons-beanutils is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans.\n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0057",
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1767483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0057.json"
}
],
"title": "Red Hat Security Advisory: rh-java-common-apache-commons-beanutils security update",
"tracking": {
"current_release_date": "2026-05-14T22:25:01+00:00",
"generator": {
"date": "2026-05-14T22:25:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:0057",
"initial_release_date": "2020-01-08T11:21:50+00:00",
"revision_history": [
{
"date": "2020-01-08T11:21:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-08T11:21:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:25:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.4-7.5.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.4-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product": {
"name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.4-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_software_collections:3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Software Collections"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"product": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"product_id": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-java-common-apache-commons-beanutils@1.8.3-14.14.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"product": {
"name": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"product_id": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-java-common-apache-commons-beanutils-javadoc@1.8.3-14.14.el6?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"product": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"product_id": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-java-common-apache-commons-beanutils@1.8.3-14.15.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"product": {
"name": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"product_id": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-java-common-apache-commons-beanutils-javadoc@1.8.3-14.15.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"product": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"product_id": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-java-common-apache-commons-beanutils@1.8.3-14.14.el6?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"product": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"product_id": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-java-common-apache-commons-beanutils@1.8.3-14.15.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"relates_to_product_reference": "6Server-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)",
"product_id": "6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"relates_to_product_reference": "6Server-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"relates_to_product_reference": "6Workstation-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"relates_to_product_reference": "6Workstation-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)",
"product_id": "7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.5.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6)",
"product_id": "7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7)",
"product_id": "7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"relates_to_product_reference": "7Server-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"relates_to_product_reference": "7Server-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src"
},
"product_reference": "rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"relates_to_product_reference": "7Workstation-RHSCL-3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch"
},
"product_reference": "rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"relates_to_product_reference": "7Workstation-RHSCL-3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1767483"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10086"
},
{
"category": "external",
"summary": "RHBZ#1767483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt",
"url": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt"
}
],
"release_date": "2019-08-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-08T11:21:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0057"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"6Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.noarch",
"6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.14.el6.src",
"6Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.14.el6.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4-7.5.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4-7.6.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4-7.7.Z:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Server-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch",
"7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.noarch",
"7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-0:1.8.3-14.15.el7.src",
"7Workstation-RHSCL-3.4:rh-java-common-apache-commons-beanutils-javadoc-0:1.8.3-14.15.el7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default"
}
]
}
RHSA-2020:0194
Vulnerability from csaf_redhat - Published: 2020-01-21 19:16 - Updated: 2026-05-14 22:25

A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Client-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Client-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7ComputeNode-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7ComputeNode-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 7ComputeNode-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Server-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Workstation-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Workstation-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src | — | | Vendor Fix, Workaround |
| Unresolved product id: 7Workstation-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch | — | | Vendor Fix, Workaround |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for apache-commons-beanutils is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans.\n\nSecurity Fix(es):\n\n* apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default (CVE-2019-10086)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0194",
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1767483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0194.json"
}
],
"title": "Red Hat Security Advisory: apache-commons-beanutils security update",
"tracking": {
"current_release_date": "2026-05-14T22:25:03+00:00",
"generator": {
"date": "2026-05-14T22:25:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2020:0194",
"initial_release_date": "2020-01-21T19:16:31+00:00",
"revision_history": [
{
"date": "2020-01-21T19:16:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-01-21T19:16:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:25:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"product": {
"name": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"product_id": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-beanutils@1.8.3-15.el7_7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"product": {
"name": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"product_id": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-beanutils-javadoc@1.8.3-15.el7_7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"product": {
"name": "apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"product_id": "apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-beanutils@1.8.3-15.el7_7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch"
},
"product_reference": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-0:1.8.3-15.el7_7.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src"
},
"product_reference": "apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch"
},
"product_reference": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"relates_to_product_reference": "7Client-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch"
},
"product_reference": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-0:1.8.3-15.el7_7.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src"
},
"product_reference": "apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch"
},
"product_reference": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"relates_to_product_reference": "7ComputeNode-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch"
},
"product_reference": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-0:1.8.3-15.el7_7.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src"
},
"product_reference": "apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch"
},
"product_reference": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"relates_to_product_reference": "7Server-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch"
},
"product_reference": "apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-0:1.8.3-15.el7_7.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src"
},
"product_reference": "apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch"
},
"product_reference": "apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"relates_to_product_reference": "7Workstation-optional-7.7.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10086",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2019-10-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1767483"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7Client-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7Client-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"7ComputeNode-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7ComputeNode-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7ComputeNode-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"7Server-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7Server-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7Server-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"7Workstation-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7Workstation-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7Workstation-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-10086"
},
{
"category": "external",
"summary": "RHBZ#1767483",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767483"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10086"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt",
"url": "https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt"
}
],
"release_date": "2019-08-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-01-21T19:16:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7Client-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7Client-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"7ComputeNode-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7ComputeNode-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7ComputeNode-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"7Server-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7Server-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7Server-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"7Workstation-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7Workstation-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7Workstation-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0194"
},
{
"category": "workaround",
"details": "There is no currently known mitigation for this flaw.",
"product_ids": [
"7Client-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7Client-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7Client-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"7ComputeNode-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7ComputeNode-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7ComputeNode-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"7Server-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7Server-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7Server-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"7Workstation-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7Workstation-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7Workstation-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"7Client-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7Client-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7Client-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"7ComputeNode-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7ComputeNode-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7ComputeNode-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"7Server-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7Server-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7Server-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch",
"7Workstation-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.noarch",
"7Workstation-optional-7.7.Z:apache-commons-beanutils-0:1.8.3-15.el7_7.src",
"7Workstation-optional-7.7.Z:apache-commons-beanutils-javadoc-0:1.8.3-15.el7_7.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.