CVSSv3: 7.3

CVE-2019-10086

Published: 20/08/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Apache Commons BeanUtils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability of a malicious user to access the classloader via the class property available on all Java objects. However, PropertyUtilsBean did not use this BeanIntrospector by default.

Vulnerable Products

apache commons beanutils

apache nifi 1.14.0

apache nifi 1.15.0

debian debian linux 8.0

opensuse leap 15.0

opensuse leap 15.1

fedoraproject fedora 30

fedoraproject fedora 31

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server aus 7.7

redhat enterprise linux server tus 7.7

redhat enterprise linux eus 7.7

redhat jboss_enterprise_application_platform 7.2.0

oracle retail xstore point of service 15.0

oracle flexcube private banking 12.1.0

oracle banking platform 2.4.0

oracle retail xstore point of service 7.1

oracle flexcube private banking 12.0.0

oracle service bus 11.1.1.9.0

oracle fusion middleware 11.1.1.9

oracle retail back office 14.1

oracle peoplesoft enterprise peopletools 8.56

oracle weblogic server 10.3.6.0.0

oracle utilities framework 4.2.0.3.0

oracle utilities framework 4.2.0.2.0

oracle peoplesoft enterprise pt peopletools 8.56

oracle retail xstore point of service 16.0

oracle peoplesoft enterprise peopletools 8.57

oracle hospitality reporting and analytics 9.1.0

oracle application testing suite 13.3.0.1

oracle retail predictive application server 16.0

oracle retail returns management 14.1

oracle retail central office 14.1

oracle communications billing and revenue management 7.5

oracle retail point-of-service 14.1

oracle service bus 12.2.1.3.0

oracle utilities framework 4.4.0.0.0

oracle agile plm 9.3.3

oracle agile plm 9.3.5

oracle agile plm 9.3.6

oracle communications unified inventory management 7.3.4

oracle communications unified inventory management 7.3.5

oracle communications unified inventory management 7.4.0

oracle fusion middleware 12.2.1.3.0

oracle communications metasolv solution 6.3.0

oracle fusion middleware 12.2.1.4.0

oracle retail xstore point of service 17.0

oracle retail xstore point of service 18.0

oracle utilities framework

oracle utilities framework 4.4.0.2.0

oracle healthcare foundation 7.3.0

oracle communications billing and revenue management 12.0.0.3.0

oracle retail advanced inventory planning 14.1

oracle banking platform 2.7.1

oracle banking platform 2.9.0

oracle communications evolved communications application server 7.1

oracle communications metasolv solution 6.3.1

oracle communications billing and revenue management elastic charging engine 12.0.0.3

oracle communications billing and revenue management elastic charging engine 11.3.0.9

oracle customer management and segmentation foundation 18.0

oracle primavera gateway

oracle communications network integrity 7.3.6

oracle healthcare foundation 7.2.2

oracle peoplesoft enterprise pt peopletools 8.57

oracle financial services revenue management and billing analytics 2.7

oracle financial services revenue management and billing analytics 2.8

oracle hospitality opera 5 5.5

oracle hospitality opera 5 5.6

oracle communications unified inventory management 7.4.1

oracle jd edwards enterpriseone tools

oracle jd edwards enterpriseone orchestrator

oracle utilities framework 4.4.0.3.0

oracle agile product lifecycle management integration pack 3.6

oracle agile product lifecycle management integration pack 3.5

oracle peoplesoft enterprise pt peopletools 8.58

oracle jd edwards enterpriseone tools 9.2.5.3

oracle jd edwards enterpriseone orchestrator 9.2.5.3

oracle insurance data gateway 1.0.2.3

oracle healthcare foundation 7.1.5

oracle healthcare foundation 7.3.1

oracle healthcare foundation 8.0.1

oracle service bus 12.2.1.4.0

oracle enterprise manager for virtualization 13.4.0.0

oracle communications performance intelligence center 10.4.0.3

oracle retail price management 14.0.1

oracle solaris cluster 4.4

oracle retail price management 15.0

oracle retail price management 16.0

oracle retail price management 14.0

oracle retail merchandising system 5.0.3.1

oracle real-time decisions solutions 3.2.0.0

oracle communications cloud native core unified data repository 1.6.0

oracle communications cloud native core policy 1.9.0

oracle communications cloud native core console 1.4.0

oracle communications pricing design center 12.0.0.3.0

oracle communications convergence 3.0.2.2.0

oracle retail invoice matching 16.0.3

oracle communications design studio 7.3.4

oracle communications design studio 7.3.5

oracle communications design studio 7.4.0

oracle time and labor

oracle blockchain platform

Vendor Advisories

In Apache Commons BeanUtils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean (CVE-2019-10086) ...
Synopsis: Important: candlepin and satellite security update. Type/Severity: Security Advisory: Important. Topic: An update for candlepin and satellite is now available for Red Hat Satellite 6.5 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: rh-java-common-apache-commons-beanutils security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-java-common-apache-commons-beanutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of I ...
Synopsis: Important: Red Hat JBoss Fuse/A-MQ 6.3 R17 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common ...
Synopsis: Low: Red Hat Virtualization Engine security, bug fix 4.3.9. Type/Severity: Security Advisory: Low. Topic: An update is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) ...
Synopsis: Important: rh-maven35-apache-commons-beanutils security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-maven35-apache-commons-beanutils is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important ...
Synopsis: Important: apache-commons-beanutils security update. Type/Severity: Security Advisory: Important. Topic: An update for apache-commons-beanutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Synopsis: Important: Red Hat Data Grid 7.3.6 security update. Type/Severity: Security Advisory: Important. Topic: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whic ...
Synopsis: Important: Red Hat Process Automation Manager 7.8.0 Security Update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scori ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.7 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Synopsis: Important: Red Hat Single Sign-On 7.3.7 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 8 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 6 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as ...
Synopsis: Important: Red Hat Decision Manager 7.7.0 Security Update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis: Important: EAP Continuous Delivery Technical Preview Release 19 security update. Type/Severity: Security Advisory: Important. Topic: This is a security update for JBoss EAP Continuous Delivery 19. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabi ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.7 on RHEL 7 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as ...
Synopsis: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Thorntail. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: Satellite 6.7 release. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Satellite 6.7 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Important: Red Hat Fuse 7.7.0 release and security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.6 to 7.7) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Produc ...
Synopsis: Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security ...
Multiple vulnerabilities have been found in Hitachi Ops Center Analyzer viewpoint CVE-2018-10054, CVE-2018-14335, CVE-2018-20200, CVE-2019-10086, CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019- ...

References

CWE-502
https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html
https://access.redhat.com/errata/RHSA-2019:4317
https://access.redhat.com/errata/RHSA-2020:0057
https://www.oracle.com/security-alerts/cpujan2020.html
https://access.redhat.com/errata/RHSA-2020:0194
https://access.redhat.com/errata/RHSA-2020:0811
https://access.redhat.com/errata/RHSA-2020:0804
https://access.redhat.com/errata/RHSA-2020:0805
https://access.redhat.com/errata/RHSA-2020:0806
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e
https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E
https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/
https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E
https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E
https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E
https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E
https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E
https://nvd.nist.gov
https://alas.aws.amazon.com/AL2/ALAS-2020-1395.html