Vulnerability Database

CVE-2019-10086

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this characteristic of the PropertyUtilsBean by default.

CVSS v3:

  • Severity: High
  • Score: 7.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

| Software | From | Fixed in |
|---|---|---|
| apache / commons_beanutils | 1.0 | 1.9.3.x |
| apache / nifi | 1.14.0 | 1.14.0.x |
| apache / nifi | 1.15.0 | 1.15.0.x |
| debian / debian_linux | 8.0 | 8.0.x |
| opensuse / leap | 15.0 | 15.0.x |
| opensuse / leap | 15.1 | 15.1.x |
| fedoraproject / fedora | 30 | 30.x |
| fedoraproject / fedora | 31 | 31.x |
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux_server_aus | 7.7 | 7.7.x |
| redhat / enterprise_linux_server_tus | 7.7 | 7.7.x |
| redhat / enterprise_linux_eus | 7.7 | 7.7.x |
| redhat / jboss_enterprise_application_platform | 7.2.0 | 7.2.0.x |
| oracle / retail_xstore_point_of_service | 15.0 | 15.0.x |
| oracle / flexcube_private_banking | 12.1.0 | 12.1.0.x |
| oracle / banking_platform | 2.4.0 | 2.4.0.x |
| oracle / retail_xstore_point_of_service | 7.1 | 7.1.x |
| oracle / flexcube_private_banking | 12.0.0 | 12.0.0.x |
| oracle / service_bus | 11.1.1.9.0 | 11.1.1.9.0.x |
| oracle / fusion_middleware | 11.1.1.9 | 11.1.1.9.x |
| oracle / retail_back_office | 14.1 | 14.1.x |
| oracle / peoplesoft_enterprise_peopletools | 8.56 | 8.56.x |
| oracle / weblogic_server | 10.3.6.0.0 | 10.3.6.0.0.x |
| oracle / utilities_framework | 4.2.0.3.0 | 4.2.0.3.0.x |
| oracle / utilities_framework | 4.2.0.2.0 | 4.2.0.2.0.x |
| oracle / peoplesoft_enterprise_pt_peopletools | 8.56 | 8.56.x |
| oracle / retail_xstore_point_of_service | 16.0 | 16.0.x |
| oracle / peoplesoft_enterprise_peopletools | 8.57 | 8.57.x |
| oracle / hospitality_reporting_and_analytics | 9.1.0 | 9.1.0.x |
| oracle / application_testing_suite | 13.3.0.1 | 13.3.0.1.x |
| oracle / retail_predictive_application_server | 16.0 | 16.0.x |
| oracle / retail_returns_management | 14.1 | 14.1.x |
| oracle / retail_central_office | 14.1 | 14.1.x |
| oracle / communications_billing_and_revenue_management | 7.5 | 7.5.x |
| oracle / retail_point-of-service | 14.1 | 14.1.x |
| oracle / service_bus | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / utilities_framework | 4.4.0.0.0 | 4.4.0.0.0.x |
| oracle / agile_plm | 9.3.3 | 9.3.3.x |
| oracle / agile_plm | 9.3.5 | 9.3.5.x |
| oracle / agile_plm | 9.3.6 | 9.3.6.x |
| oracle / communications_unified_inventory_management | 7.3.4 | 7.3.4.x |
| oracle / communications_unified_inventory_management | 7.3.5 | 7.3.5.x |
| oracle / communications_unified_inventory_management | 7.4.0 | 7.4.0.x |
| oracle / fusion_middleware | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / communications_metasolv_solution | 6.3.0 | 6.3.0.x |
| oracle / fusion_middleware | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / retail_xstore_point_of_service | 17.0 | 17.0.x |
| oracle / retail_xstore_point_of_service | 18.0 | 18.0.x |
| oracle / utilities_framework | 4.3.0.1.0 | 4.3.0.6.0.x |
| oracle / utilities_framework | 4.4.0.2.0 | 4.4.0.2.0.x |
| oracle / healthcare_foundation | 7.3.0 | 7.3.0.x |
| oracle / communications_billing_and_revenue_management | 12.0.0.3.0 | 12.0.0.3.0.x |
| oracle / retail_advanced_inventory_planning | 14.1 | 14.1.x |
| oracle / banking_platform | 2.7.1 | 2.7.1.x |
| oracle / banking_platform | 2.9.0 | 2.9.0.x |
| oracle / communications_evolved_communications_application_server | 7.1 | 7.1.x |
| oracle / communications_metasolv_solution | 6.3.1 | 6.3.1.x |
| oracle / communications_billing_and_revenue_management_elastic_charging_engine | 12.0.0.3 | 12.0.0.3.x |
| oracle / communications_billing_and_revenue_management_elastic_charging_engine | 11.3.0.9 | 11.3.0.9.x |
| oracle / customer_management_and_segmentation_foundation | 18.0 | 18.0.x |
| oracle / primavera_gateway | 16.2.0 | 16.2.11.x |
| oracle / primavera_gateway | 17.12.0 | 17.12.6.x |
| oracle / communications_network_integrity | 7.3.6 | 7.3.6.x |
| oracle / healthcare_foundation | 7.2.2 | 7.2.2.x |
| oracle / peoplesoft_enterprise_pt_peopletools | 8.57 | 8.57.x |
| oracle / financial_services_revenue_management_and_billing_analytics | 2.7 | 2.7.x |
| oracle / financial_services_revenue_management_and_billing_analytics | 2.8 | 2.8.x |
| oracle / hospitality_opera_5 | 5.5 | 5.5.x |
| oracle / hospitality_opera_5 | 5.6 | 5.6.x |
| oracle / communications_unified_inventory_management | 7.4.1 | 7.4.1.x |
| oracle / jd_edwards_enterpriseone_tools | - | 9.2.5.3 |
| oracle / jd_edwards_enterpriseone_orchestrator | - | 9.2.5.3 |
| oracle / utilities_framework | 4.4.0.3.0 | 4.4.0.3.0.x |
| oracle / agile_product_lifecycle_management_integration_pack | 3.6 | 3.6.x |
| oracle / agile_product_lifecycle_management_integration_pack | 3.5 | 3.5.x |
| oracle / peoplesoft_enterprise_pt_peopletools | 8.58 | 8.58.x |
| oracle / jd_edwards_enterpriseone_tools | 9.2.5.3 | 9.2.5.3.x |
| oracle / jd_edwards_enterpriseone_orchestrator | 9.2.5.3 | 9.2.5.3.x |
| oracle / insurance_data_gateway | 1.0.2.3 | 1.0.2.3.x |
| oracle / healthcare_foundation | 7.1.5 | 7.1.5.x |
| oracle / healthcare_foundation | 7.3.1 | 7.3.1.x |
| oracle / healthcare_foundation | 8.0.1 | 8.0.1.x |
| oracle / service_bus | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / enterprise_manager_for_virtualization | 13.4.0.0 | 13.4.0.0.x |
| oracle / communications_performance_intelligence_center | 10.4.0.3 | 10.4.0.3.x |
| oracle / retail_price_management | 14.0.1 | 14.0.1.x |
| oracle / solaris_cluster | 4.4 | 4.4.x |
| oracle / retail_price_management | 15.0 | 15.0.x |
| oracle / retail_price_management | 16.0 | 16.0.x |
| oracle / retail_price_management | 14.0 | 14.0.x |
| oracle / retail_merchandising_system | 5.0.3.1 | 5.0.3.1.x |
| oracle / real-time_decisions_solutions | 3.2.0.0 | 3.2.0.0.x |
| oracle / communications_cloud_native_core_unified_data_repository | 1.6.0 | 1.6.0.x |
| oracle / communications_cloud_native_core_policy | 1.9.0 | 1.9.0.x |
| oracle / communications_cloud_native_core_console | 1.4.0 | 1.4.0.x |
| oracle / communications_pricing_design_center | 12.0.0.3.0 | 12.0.0.3.0.x |
| oracle / communications_convergence | 3.0.2.2.0 | 3.0.2.2.0.x |
| oracle / retail_invoice_matching | 16.0.3 | 16.0.3.x |
| oracle / communications_design_studio | 7.3.4 | 7.3.4.x |
| oracle / communications_design_studio | 7.3.5 | 7.3.5.x |
| oracle / communications_design_studio | 7.4.0 | 7.4.0.x |
| oracle / time_and_labor | 12.2.6 | 12.2.11.x |
| oracle / blockchain_platform | - | 21.1.2 |
| commons-beanutils / commons-beanutils | - | 1.9.4 |