High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2019-10086

Severity: High
CVSS Score: 7.3
Published: Aug 20, 2019
Last Modified: Nov 21, 2024

Vulnerability Description

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector: N
Attack Complexity: L
Privileges Required: N
User Interaction: N
Scope: U
Confidentiality: L
Integrity: L
Availability: L

Known Affected Software

106 configuration(s) from 6 vendor(s)

Product | Version | CPE
nifi | 1.14.0 | cpe:2.3:a:apache:nifi:1.14.0:*:*:*:*:*:*:*
nifi | 1.15.0 | cpe:2.3:a:apache:nifi:1.15.0:*:*:*:*:*:*:*
debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
fedora | 30 | cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
fedora | 31 | cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
leap | 15.0 | cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
leap | 15.1 | cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
fusion_middleware | 12.2.1.4.0 | cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*
retail_point-of-service | 14.1 | cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
customer_management_and_segmentation_foundation | 18.0 | cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
healthcare_foundation | 7.3.1 | cpe:2.3:a:oracle:healthcare_foundation:7.3.1:*:*:*:*:*:*:*
communications_metasolv_solution | 6.3.0 | cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*
agile_plm | 9.3.6 | cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
communications_billing_and_revenue_management | 7.5 | cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
retail_back_office | 14.1 | cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
flexcube_private_banking | 12.1.0 | cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
financial_services_revenue_management_and_billing_analytics | 2.8 | cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*
agile_plm | 9.3.3 | cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*
service_bus | 11.1.1.9.0 | cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
communications_billing_and_revenue_management_elastic_charging_engine | 12.0.0.3 | cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*
hospitality_reporting_and_analytics | 9.1.0 | cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
agile_plm | 9.3.5 | cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*
communications_evolved_communications_application_server | 7.1 | cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*
hospitality_opera_5 | 5.5 | cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*
jd_edwards_enterpriseone_tools | 9.2.5.3 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*
hospitality_opera_5 | 5.6 | cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*
retail_price_management | 14.0.1 | cpe:2.3:a:oracle:retail_price_management:14.0.1:*:*:*:*:*:*:*
peoplesoft_enterprise_peopletools | 8.57 | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
utilities_framework | 4.2.0.3.0 | cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
agile_product_lifecycle_management_integration_pack | 3.6 | cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*
communications_network_integrity | 7.3.6 | cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
retail_price_management | 16.0 | cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*
jd_edwards_enterpriseone_tools | 9.2 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
retail_central_office | 14.1 | cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
communications_pricing_design_center | 12.0.0.3.0 | cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
communications_cloud_native_core_policy | 1.9.0 | cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.9.0:*:*:*:*:*:*:*
retail_xstore_point_of_service | 7.1 | cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
retail_advanced_inventory_planning | 14.1 | cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*
peoplesoft_enterprise_pt_peopletools | 8.57 | cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*
utilities_framework | 4.4.0.2.0 | cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*
jd_edwards_enterpriseone_tools | 9.2.0.0 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.0.0:*:*:*:*:*:*:*
peoplesoft_enterprise_pt_peopletools | 8.56 | cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*
communications_metasolv_solution | 6.3.1 | cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*
communications_performance_intelligence_center | 10.4.0.3 | cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*
application_testing_suite | 13.3.0.1 | cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
flexcube_private_banking | 12.0.0 | cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
utilities_framework | 4.2.0.2.0 | cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
healthcare_foundation | 7.2.2 | cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
agile_product_lifecycle_management_integration_pack | 3.5 | cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:e-business_suite:*:*
communications_billing_and_revenue_management_elastic_charging_engine | 11.3.0.9 | cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3.0.9:*:*:*:*:*:*:*
retail_xstore_point_of_service | 16.0 | cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*
communications_design_studio | 7.3.4 | cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*
service_bus | 12.2.1.3.0 | cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
weblogic_server | 10.3.6.0.0 | cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
retail_xstore_point_of_service | 15.0 | cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*
jd_edwards_enterpriseone_tools | 9.1 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1:*:*:*:*:*:*:*
healthcare_foundation | 7.1.5 | cpe:2.3:a:oracle:healthcare_foundation:7.1.5:*:*:*:*:*:*:*
communications_billing_and_revenue_management | 12.0.0.3.0 | cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
communications_unified_inventory_management | 7.3.4 | cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
banking_platform | 2.4.0 | cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
jd_edwards_enterpriseone_orchestrator | 9.2.5.3 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.3:*:*:*:*:*:*:*
healthcare_foundation | 8.0.1 | cpe:2.3:a:oracle:healthcare_foundation:8.0.1:*:*:*:*:*:*:*
real-time_decisions_solutions | 3.2.0.0 | cpe:2.3:a:oracle:real-time_decisions_solutions:3.2.0.0:*:*:*:*:*:*:*
retail_predictive_application_server | 16.0 | cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*
enterprise_manager_for_virtualization | 13.4.0.0 | cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.4.0.0:*:*:*:*:*:*:*
peoplesoft_enterprise_peopletools | 8.56 | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
communications_unified_inventory_management | 7.3.5 | cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
retail_returns_management | 14.1 | cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
financial_services_revenue_management_and_billing_analytics | 2.7 | cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*
jd_edwards_enterpriseone_tools | 9.1.5 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.1.5:*:*:*:*:*:*:*
banking_platform | 2.7.1 | cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
communications_design_studio | 7.4.0 | cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*
jd_edwards_enterpriseone_tools | 4.0.1.0 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:4.0.1.0:*:*:*:*:*:*:*
retail_xstore_point_of_service | 17.0 | cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*
jd_edwards_enterpriseone_tools | 9.2.4.2 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.2:*:*:*:*:*:*:*
communications_design_studio | 7.3.5 | cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*
utilities_framework | 4.4.0.0.0 | cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
retail_price_management | 15.0 | cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*
retail_price_management | 14.0 | cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*
communications_convergence | 3.0.2.2.0 | cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*
utilities_framework | 4.4.0.3.0 | cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*
jd_edwards_enterpriseone_tools | 9.2.4.0 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.4.0:*:*:*:*:*:*:*
banking_platform | 2.9.0 | cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
jd_edwards_enterpriseone_tools | 8.98 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:8.98:*:*:*:*:*:*:*
communications_cloud_native_core_unified_data_repository | 1.6.0 | cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.6.0:*:*:*:*:*:*:*
solaris_cluster | 4.4 | cpe:2.3:a:oracle:solaris_cluster:4.4:*:*:*:*:*:*:*
fusion_middleware | 12.2.1.3.0 | cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*
retail_invoice_matching | 16.0.3 | cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*
service_bus | 12.2.1.4.0 | cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*
peoplesoft_enterprise_pt_peopletools | 8.58 | cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*
communications_unified_inventory_management | 7.4.1 | cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
jd_edwards_enterpriseone_tools | 9.2.5.0 | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.0:*:*:*:*:*:*:*
retail_xstore_point_of_service | 18.0 | cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*
healthcare_foundation | 7.3.0 | cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
communications_cloud_native_core_console | 1.4.0 | cpe:2.3:a:oracle:communications_cloud_native_core_console:1.4.0:*:*:*:*:*:*:*
communications_unified_inventory_management | 7.4.0 | cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
retail_merchandising_system | 5.0.3.1 | cpe:2.3:a:oracle:retail_merchandising_system:5.0.3.1:*:*:*:*:*:*:*
insurance_data_gateway | 1.0.2.3 | cpe:2.3:a:oracle:insurance_data_gateway:1.0.2.3:*:*:*:*:*:*:*
fusion_middleware | 11.1.1.9 | cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*
enterprise_linux_workstation | 7.0 | cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:x64:*
enterprise_linux_eus | 7.7 | cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
enterprise_linux_server | 7.0 | cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:x64:*
jboss_enterprise_application_platform | 7.2.0 | cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*
enterprise_linux_desktop | 7.0 | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:x64:*
enterprise_linux_server_aus | 7.7 | cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
enterprise_linux_server_tus | 7.7 | cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

This vulnerability affects 106 software configuration(s). Ensure you patch all affected systems.

Severity Details

7.3 out of 10.0 (High)

Weakness Type (CWE)

CWE-502: Deserialization of Untrusted Data (Top 25 #15)

Description: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Exploit Likelihood: Medium
Typical Severity: Medium
OWASP Top 10: A08:2021-Software/Data Integrity Failures
Abstraction Level: Base

Key Information

Published Date: August 20, 2019