CVE-2019-10086
Impact Analysis
Description
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. However, PropertyUtilsBean did not use this class by default.
CVSSv2.0 Score
- Severity: High
- Base Score: 7.5/10
- Exploit Score: 10/10
- Access Vector: Network
- Access Complexity: Low
- Authentication Required: None
- Impact Score: 6.4/10
- Confidentiality Impact: Partial
- Availability Impact: Partial
- Integrity Impact: Partial
CVSSv3.1 Score
- Severity: High
- Base Score: 7.3/10
- Exploit Score: 3.9/10
- Access Vector: Network
- Access Complexity: Low
- Privileges Required: None
- Impact Score: 3.4/10
- Confidentiality Impact: Low
- Availability Impact: Low
- Integrity Impact: Low
- Scope: Unchanged
- User Interaction: None
Products Affected
CPE | Affected | Vulnerable | Excluding |
---|---|---|---|
cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:* | Yes | 1.0 | - |
cpe:2.3:a:apache:nifi:1.14.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:apache:nifi:1.15.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*: | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*: | Yes | - | - |
cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:* | Yes | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*: | Yes | - | - |
cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:* | Yes | - | - |
cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:retail_predictive_application_server:16.0:* | Yes | - | - |
cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:communications_billing_and_revenue_manageme | Yes | - | - |
cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:communications_unified_inventory_management | Yes | - | - |
cpe:2.3:a:oracle:communications_unified_inventory_management | Yes | - | - |
cpe:2.3:a:oracle:communications_unified_inventory_management | Yes | - | - |
cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*: | Yes | - | - |
cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* | Yes | 4.3.0.1.0 | - |
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:communications_billing_and_revenue_manageme | Yes | - | - |
cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:communications_evolved_communications_appli | Yes | - | - |
cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*: | Yes | - | - |
cpe:2.3:a:oracle:communications_billing_and_revenue_manageme | Yes | - | - |
cpe:2.3:a:oracle:communications_billing_and_revenue_manageme | Yes | - | - |
cpe:2.3:a:oracle:customer_management_and_segmentation_founda | Yes | - | - |
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* | Yes | 16.2.0 | - |
cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* | Yes | 17.12.0 | - |
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*: | Yes | - | - |
cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:* | Yes | - | - |
cpe:2.3:a:oracle:financial_services_revenue_management_and_b | Yes | - | - |
cpe:2.3:a:oracle:financial_services_revenue_management_and_b | Yes | - | - |
cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:communications_unified_inventory_management | Yes | - | - |
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*: | Yes | - | 9.2.5.3 |
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:* | Yes | - | 9.2.5.3 |
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:agile_product_lifecycle_management_integrat | Yes | - | - |
cpe:2.3:a:oracle:agile_product_lifecycle_management_integrat | Yes | - | - |
cpe:2.3:a:oracle:agile_product_lifecycle_management_integrat | Yes | - | - |
cpe:2.3:a:oracle:agile_product_lifecycle_management_integrat | Yes | - | - |
cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:* | Yes | - | - |
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*: | Yes | - | - |
cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5 | Yes | - | - |
cpe:2.3:a:oracle:insurance_data_gateway:1.0.2.3:*:*:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:healthcare_foundation:7.1.5:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:healthcare_foundation:7.3.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:healthcare_foundation:8.0.1:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.4. | Yes | - | - |
cpe:2.3:a:oracle:communications_performance_intelligence_cen | Yes | - | - |
cpe:2.3:a:oracle:retail_price_management:14.0.1:*:*:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:solaris_cluster:4.4:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:retail_merchandising_system:5.0.3.1:*:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:real-time_decisions_solutions:3.2.0.0:*:*:* | Yes | - | - |
cpe:2.3:a:oracle:communications_cloud_native_core_unified_da | Yes | - | - |
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.9 | Yes | - | - |
cpe:2.3:a:oracle:communications_cloud_native_core_console:1. | Yes | - | - |
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0 | Yes | - | - |
cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*: | Yes | - | - |
cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:* | Yes | 12.2.6 | - |
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* | Yes | - | 21.1.2 |
References
- https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html
- https://access.redhat.com/errata/RHSA-2019:4317
- https://access.redhat.com/errata/RHSA-2020:0057
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://access.redhat.com/errata/RHSA-2020:0194
- https://access.redhat.com/errata/RHSA-2020:0811
- https://access.redhat.com/errata/RHSA-2020:0804
- https://access.redhat.com/errata/RHSA-2020:0805
- https://access.redhat.com/errata/RHSA-2020:0806
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-
- https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce
- https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078
- https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd6
- https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995b
- https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af0
- https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48
- https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bb
- https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0
- https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b
- https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798
- https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae
- https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org
- https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed
- https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933
- https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de82
- https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23
- https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28
- https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a14
- https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7d
- https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78fa
- https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a1
- https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cda
- https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e588
- https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b17962212
- https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202
- https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98d
- https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754
- https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c
- https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166
- https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b86606
- https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3
- https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c
- https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f