In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
|
History
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-08-20 21:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-10086
Mitre link : CVE-2019-10086
CVE.ORG link : CVE-2019-10086
JSON object : View
Products Affected
oracle
- hospitality_opera_5
- communications_convergence
- insurance_data_gateway
- primavera_gateway
- communications_metasolv_solution
- communications_network_integrity
- retail_point-of-service
- solaris_cluster
- blockchain_platform
- communications_cloud_native_core_console
- application_testing_suite
- retail_invoice_matching
- retail_predictive_application_server
- retail_price_management
- time_and_labor
- retail_xstore_point_of_service
- retail_advanced_inventory_planning
- service_bus
- weblogic_server
- communications_performance_intelligence_center
- healthcare_foundation
- retail_central_office
- peoplesoft_enterprise_peopletools
- financial_services_revenue_management_and_billing_analytics
- agile_plm
- communications_unified_inventory_management
- communications_evolved_communications_application_server
- communications_cloud_native_core_unified_data_repository
- retail_back_office
- peoplesoft_enterprise_pt_peopletools
- utilities_framework
- jd_edwards_enterpriseone_tools
- banking_platform
- retail_returns_management
- flexcube_private_banking
- communications_billing_and_revenue_management_elastic_charging_engine
- communications_pricing_design_center
- agile_product_lifecycle_management_integration_pack
- customer_management_and_segmentation_foundation
- hospitality_reporting_and_analytics
- real-time_decisions_solutions
- jd_edwards_enterpriseone_orchestrator
- communications_billing_and_revenue_management
- enterprise_manager_for_virtualization
- fusion_middleware
- communications_design_studio
- retail_merchandising_system
- communications_cloud_native_core_policy
redhat
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_desktop
- jboss_enterprise_application_platform
- enterprise_linux_eus
- enterprise_linux_server_tus
- enterprise_linux_workstation
apache
- commons_beanutils
- nifi
fedoraproject
- fedora
opensuse
- leap
debian
- debian_linux
CWE
CWE-502
Deserialization of Untrusted Data