7.5
CVE-2019-10086
- EPSS 0.26%
- Published 20.08.2019 21:15:12
- Last modified 21.11.2024 04:18:22
- Source security@apache.org
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean.
Data provided by the National Vulnerability Database (NVD)
Apache ≫ Commons Beanutils Version >= 1.0 <= 1.9.3
Debian ≫ Debian Linux Version 8.0
Fedoraproject ≫ Fedora Version 30
Fedoraproject ≫ Fedora Version 31
Redhat ≫ Enterprise Linux Desktop Version 7.0
Redhat ≫ Enterprise Linux Eus Version 7.7
Redhat ≫ Enterprise Linux Server Version 7.0
Redhat ≫ Enterprise Linux Server Aus Version 7.7
Redhat ≫ Enterprise Linux Server Tus Version 7.7
Redhat ≫ Enterprise Linux Workstation Version 7.0
Redhat ≫ Jboss Enterprise Application Platform Version 7.2.0
Redhat ≫ Enterprise Linux Server Version 6.0
Redhat ≫ Enterprise Linux Server Version 7.0
Redhat ≫ Enterprise Linux Server Version 8.0
Oracle ≫ Agile Product Lifecycle Management Integration Pack Version 3.5 SwPlatform e-business_suite
Oracle ≫ Agile Product Lifecycle Management Integration Pack Version 3.5 SwPlatform sap
Oracle ≫ Agile Product Lifecycle Management Integration Pack Version 3.6 SwPlatform e-business_suite
Oracle ≫ Agile Product Lifecycle Management Integration Pack Version 3.6 SwPlatform sap
Oracle ≫ Application Testing Suite Version 13.3.0.1
Oracle ≫ Banking Platform Version 2.4.0
Oracle ≫ Banking Platform Version 2.7.1
Oracle ≫ Banking Platform Version 2.9.0
Oracle ≫ Blockchain Platform Version < 21.1.2
Oracle ≫ Communications Billing And Revenue Management Version 7.5
Oracle ≫ Communications Billing And Revenue Management Version 12.0.0.3.0
Oracle ≫ Communications Billing And Revenue Management Elastic Charging Engine Version 11.3.0.9
Oracle ≫ Communications Billing And Revenue Management Elastic Charging Engine Version 12.0.0.3
Oracle ≫ Communications Cloud Native Core Console Version 1.4.0
Oracle ≫ Communications Cloud Native Core Policy Version 1.9.0
Oracle ≫ Communications Cloud Native Core Unified Data Repository Version 1.6.0
Oracle ≫ Communications Convergence Version 3.0.2.2.0
Oracle ≫ Communications Design Studio Version 7.3.4
Oracle ≫ Communications Design Studio Version 7.3.5
Oracle ≫ Communications Design Studio Version 7.4.0
Oracle ≫ Communications Metasolv Solution Version 6.3.0
Oracle ≫ Communications Metasolv Solution Version 6.3.1
Oracle ≫ Communications Network Integrity Version 7.3.6
Oracle ≫ Communications Performance Intelligence Center Version 10.4.0.3
Oracle ≫ Communications Pricing Design Center Version 12.0.0.3.0
Oracle ≫ Communications Unified Inventory Management Version 7.3.4
Oracle ≫ Communications Unified Inventory Management Version 7.3.5
Oracle ≫ Communications Unified Inventory Management Version 7.4.0
Oracle ≫ Communications Unified Inventory Management Version 7.4.1
Oracle ≫ Customer Management And Segmentation Foundation Version 18.0
Oracle ≫ Enterprise Manager For Virtualization Version 13.4.0.0
Oracle ≫ Flexcube Private Banking Version 12.0.0
Oracle ≫ Flexcube Private Banking Version 12.1.0
Oracle ≫ Fusion Middleware Version 11.1.1.9
Oracle ≫ Fusion Middleware Version 12.2.1.3.0
Oracle ≫ Fusion Middleware Version 12.2.1.4.0
Oracle ≫ Healthcare Foundation Version 7.1.5
Oracle ≫ Healthcare Foundation Version 7.2.2
Oracle ≫ Healthcare Foundation Version 7.3.0
Oracle ≫ Healthcare Foundation Version 7.3.1
Oracle ≫ Healthcare Foundation Version 8.0.1
Oracle ≫ Hospitality Opera 5 Version 5.5
Oracle ≫ Hospitality Opera 5 Version 5.6
Oracle ≫ Hospitality Reporting And Analytics Version 9.1.0
Oracle ≫ Insurance Data Gateway Version 1.0.2.3
Oracle ≫ Jd Edwards Enterpriseone Orchestrator Version < 9.2.5.3
Oracle ≫ Jd Edwards Enterpriseone Orchestrator Version 9.2.5.3
Oracle ≫ Jd Edwards Enterpriseone Tools Version < 9.2.5.3
Oracle ≫ Jd Edwards Enterpriseone Tools Version 9.2.5.3
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.56
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.57
Oracle ≫ Peoplesoft Enterprise Pt Peopletools Version 8.56
Oracle ≫ Peoplesoft Enterprise Pt Peopletools Version 8.57
Oracle ≫ Peoplesoft Enterprise Pt Peopletools Version 8.58
Oracle ≫ Primavera Gateway Version >= 16.2.0 <= 16.2.11
Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.6
Oracle ≫ Real-time Decisions Solutions Version 3.2.0.0
Oracle ≫ Retail Advanced Inventory Planning Version 14.1
Oracle ≫ Retail Back Office Version 14.1
Oracle ≫ Retail Central Office Version 14.1
Oracle ≫ Retail Invoice Matching Version 16.0.3
Oracle ≫ Retail Merchandising System Version 5.0.3.1
Oracle ≫ Retail Point-of-service Version 14.1
Oracle ≫ Retail Predictive Application Server Version 16.0
Oracle ≫ Retail Price Management Version 14.0
Oracle ≫ Retail Price Management Version 14.0.1
Oracle ≫ Retail Price Management Version 15.0
Oracle ≫ Retail Price Management Version 16.0
Oracle ≫ Retail Returns Management Version 14.1
Oracle ≫ Retail Xstore Point Of Service Version 7.1
Oracle ≫ Retail Xstore Point Of Service Version 15.0
Oracle ≫ Retail Xstore Point Of Service Version 16.0
Oracle ≫ Retail Xstore Point Of Service Version 17.0
Oracle ≫ Retail Xstore Point Of Service Version 18.0
Oracle ≫ Service Bus Version 11.1.1.9.0
Oracle ≫ Service Bus Version 12.2.1.3.0
Oracle ≫ Service Bus Version 12.2.1.4.0
Oracle ≫ Solaris Cluster Version 4.4
Oracle ≫ Time And Labor Version >= 12.2.6 <= 12.2.11
Oracle ≫ Utilities Framework Version >= 4.3.0.1.0 <= 4.3.0.6.0
Oracle ≫ Utilities Framework Version 4.2.0.2.0
Oracle ≫ Utilities Framework Version 4.2.0.3.0
Oracle ≫ Utilities Framework Version 4.4.0.0.0
Oracle ≫ Utilities Framework Version 4.4.0.2.0
Oracle ≫ Utilities Framework Version 4.4.0.3.0
Oracle ≫ Weblogic Server Version 10.3.6.0.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.26% | 0.489 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.3 | 3.9 | 3.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.