In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for a malicious user to access the classloader via the class property available on all Java objects. However, we were not using this by default in PropertyUtilsBean.
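A sketch of opting in to that suppression explicitly and verifying it took effect. This is an added example, not code from the advisory or the BeanUtils project. It assumes commons-beanutils 1.9.2 or later on the classpath, where the introspector is `SuppressPropertiesBeanIntrospector`; `HardenedBeanUtils` and `UserForm` are hypothetical names.

```java
import java.beans.PropertyDescriptor;
import org.apache.commons.beanutils.BeanUtilsBean;
import org.apache.commons.beanutils.ConvertUtilsBean;
import org.apache.commons.beanutils.PropertyUtilsBean;
import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;

public class HardenedBeanUtils {

    // Constructed sample bean standing in for an object populated from request data.
    public static class UserForm {
        private String name;
        public String getName() { return name; }
        public void setName(String name) { this.name = name; }
    }

    /** Builds a BeanUtilsBean whose introspection never exposes the "class" property. */
    public static BeanUtilsBean hardened() {
        PropertyUtilsBean props = new PropertyUtilsBean();
        props.addBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
        return new BeanUtilsBean(new ConvertUtilsBean(), props);
    }

    public static void main(String[] args) throws Exception {
        BeanUtilsBean beanUtils = hardened();
        // Route the static facades (BeanUtils, PropertyUtils) through the hardened
        // instance for the current context class loader.
        BeanUtilsBean.setInstance(beanUtils);

        UserForm form = new UserForm();
        PropertyUtilsBean props = beanUtils.getPropertyUtils();

        // Check 1: introspection no longer reports a "class" property.
        PropertyDescriptor cls = props.getPropertyDescriptor(form, "class");
        if (cls != null) {
            throw new IllegalStateException("class property is still exposed");
        }

        // Check 2: reading it by name fails instead of returning the Class object.
        try {
            props.getProperty(form, "class");
            throw new IllegalStateException("class property is still readable");
        } catch (NoSuchMethodException expected) {
            System.out.println("class property suppressed: " + expected.getMessage());
        }

        // Check 3: ordinary properties are unaffected.
        beanUtils.setProperty(form, "name", "alice");
        System.out.println("name = " + form.getName());
    }
}
```

`BeanUtilsBean.setInstance` applies per context class loader, so in a container each web application that calls the static `BeanUtils` or `PropertyUtils` facades has to install its own hardened instance.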
Vulnerable Product |
---|
apache commons beanutils |
apache nifi 1.14.0 |
apache nifi 1.15.0 |
debian debian linux 8.0 |
opensuse leap 15.0 |
opensuse leap 15.1 |
fedoraproject fedora 30 |
fedoraproject fedora 31 |
redhat enterprise linux desktop 7.0 |
redhat enterprise linux workstation 7.0 |
redhat enterprise linux server 7.0 |
redhat enterprise linux server aus 7.7 |
redhat enterprise linux server tus 7.7 |
redhat enterprise linux eus 7.7 |
redhat jboss_enterprise_application_platform 7.2.0 |
oracle retail xstore point of service 15.0 |
oracle flexcube private banking 12.1.0 |
oracle banking platform 2.4.0 |
oracle retail xstore point of service 7.1 |
oracle flexcube private banking 12.0.0 |
oracle service bus 11.1.1.9.0 |
oracle fusion middleware 11.1.1.9 |
oracle retail back office 14.1 |
oracle peoplesoft enterprise peopletools 8.56 |
oracle weblogic server 10.3.6.0.0 |
oracle utilities framework 4.2.0.3.0 |
oracle utilities framework 4.2.0.2.0 |
oracle peoplesoft enterprise pt peopletools 8.56 |
oracle retail xstore point of service 16.0 |
oracle peoplesoft enterprise peopletools 8.57 |
oracle hospitality reporting and analytics 9.1.0 |
oracle application testing suite 13.3.0.1 |
oracle retail predictive application server 16.0 |
oracle retail returns management 14.1 |
oracle retail central office 14.1 |
oracle communications billing and revenue management 7.5 |
oracle retail point-of-service 14.1 |
oracle service bus 12.2.1.3.0 |
oracle utilities framework 4.4.0.0.0 |
oracle agile plm 9.3.3 |
oracle agile plm 9.3.5 |
oracle agile plm 9.3.6 |
oracle communications unified inventory management 7.3.4 |
oracle communications unified inventory management 7.3.5 |
oracle communications unified inventory management 7.4.0 |
oracle fusion middleware 12.2.1.3.0 |
oracle communications metasolv solution 6.3.0 |
oracle fusion middleware 12.2.1.4.0 |
oracle retail xstore point of service 17.0 |
oracle retail xstore point of service 18.0 |
oracle utilities framework |
oracle utilities framework 4.4.0.2.0 |
oracle healthcare foundation 7.3.0 |
oracle communications billing and revenue management 12.0.0.3.0 |
oracle retail advanced inventory planning 14.1 |
oracle banking platform 2.7.1 |
oracle banking platform 2.9.0 |
oracle communications evolved communications application server 7.1 |
oracle communications metasolv solution 6.3.1 |
oracle communications billing and revenue management elastic charging engine 12.0.0.3 |
oracle communications billing and revenue management elastic charging engine 11.3.0.9 |
oracle customer management and segmentation foundation 18.0 |
oracle primavera gateway |
oracle communications network integrity 7.3.6 |
oracle healthcare foundation 7.2.2 |
oracle peoplesoft enterprise pt peopletools 8.57 |
oracle financial services revenue management and billing analytics 2.7 |
oracle financial services revenue management and billing analytics 2.8 |
oracle hospitality opera 5 5.5 |
oracle hospitality opera 5 5.6 |
oracle communications unified inventory management 7.4.1 |
oracle jd edwards enterpriseone tools |
oracle jd edwards enterpriseone orchestrator |
oracle utilities framework 4.4.0.3.0 |
oracle agile product lifecycle management integration pack 3.6 |
oracle agile product lifecycle management integration pack 3.5 |
oracle peoplesoft enterprise pt peopletools 8.58 |
oracle jd edwards enterpriseone tools 9.2.5.3 |
oracle jd edwards enterpriseone orchestrator 9.2.5.3 |
oracle insurance data gateway 1.0.2.3 |
oracle healthcare foundation 7.1.5 |
oracle healthcare foundation 7.3.1 |
oracle healthcare foundation 8.0.1 |
oracle service bus 12.2.1.4.0 |
oracle enterprise manager for virtualization 13.4.0.0 |
oracle communications performance intelligence center 10.4.0.3 |
oracle retail price management 14.0.1 |
oracle solaris cluster 4.4 |
oracle retail price management 15.0 |
oracle retail price management 16.0 |
oracle retail price management 14.0 |
oracle retail merchandising system 5.0.3.1 |
oracle real-time decisions solutions 3.2.0.0 |
oracle communications cloud native core unified data repository 1.6.0 |
oracle communications cloud native core policy 1.9.0 |
oracle communications cloud native core console 1.4.0 |
oracle communications pricing design center 12.0.0.3.0 |
oracle communications convergence 3.0.2.2.0 |
oracle retail invoice matching 16.0.3 |
oracle communications design studio 7.3.4 |
oracle communications design studio 7.3.5 |
oracle communications design studio 7.4.0 |
oracle time and labor |
oracle blockchain platform |