CVE-2019-10086
Severity
7.3 HIGH
EPSS
1.2%
top 20.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 20
Latest update: Jul 15
Description
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 | Impact: 3.4
Affected Packages: 58 packages
Also affects: Debian Linux 8.0, Fedora 30, 31, Enterprise Linux 7.7
Patches
Vulnerability Details (4)
Vendor Advisories (18)
Oracle: Oracle Communications Risk Matrix: Security (Apache Commons BeanUtils) — CVE-2019-10086 (2024-07-15)
Oracle: Oracle Fusion Middleware Risk Matrix: Third Party (Apache Commons BeanUtils) — CVE-2019-10086 (2023-10-15)
Oracle: Oracle Commerce Risk Matrix: Experience Manager, Platform Services (Apache Commons BeanUtils) — CVE-2019-10086 (2023-07-15)
Oracle: Oracle Analytics Risk Matrix: Analytics Server (Apache Commons BeanUtils) — CVE-2019-10086 (2023-04-15)