apache commons-beanutils CVE-2019-10086 vulnerability in Apache and Other Products
Published on August 20, 2019

product logo product logo product logo product logo product logo product logo
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2019-10086

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-10086 are published in these products:

Apache Commons Beanutils
 
Oracle Communications Metasolv Solution
 
Oracle Peoplesoft Enterprise Peopletools
 
Oracle Retail Xstore Point Of Service
 
Debian Linux
 
Fedora Project Fedora
 
OpenSuse Leap
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Eus
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Server Aus
 
Red Hat Enterprise Linux Server Tus
 
Red Hat Enterprise Linux Workstation
 
Oracle Communications Billing Revenue Management Elastic Charging Engine
 
Oracle Customer Management Segmentation Foundation
 
Oracle Primavera Gateway
 
Apache NiFi
 
Oracle Agile Plm
 
Oracle Agile Product Lifecycle Management Integration Pack
 
Oracle Application Testing Suite
 
Oracle Banking Platform
 
Oracle Communications Cloud Native Core Console
 
Oracle Communications Cloud Native Core Policy
 
Oracle Communications Cloud Native Core Unified Data Repository
 
Oracle Communications Evolved Communications Application Server
 
Oracle Communications Performance Intelligence Center
 
Oracle Communications Pricing Design Center
 
Oracle Communications Unified Inventory Management
 
Oracle Enterprise Manager Virtualization
 
Oracle Financial Services Revenue Management Billing Analytics
 
Oracle Flexcube Private Banking
 
Oracle Fusion Middleware
 
Oracle Healthcare Foundation
 
Oracle Hospitality Opera 5
 
Oracle Insurance Data Gateway
 
Oracle Jd Edwards Enterpriseone Orchestrator
 
Oracle Jd Edwards Enterpriseone Tools
 
Oracle Peoplesoft Enterprise Pt Peopletools
 
Oracle Real Time Decisions Solutions
 
Oracle Retail Advanced Inventory Planning
 
Oracle Retail Back Office
 
Oracle Retail Central Office
 
Oracle Retail Merchandising System
 
Oracle Retail Point Of Service
 
Oracle Retail Predictive Application Server
 
Oracle Retail Price Management
 
Oracle Retail Returns Management
 
Oracle Service Bus
 
Oracle Solaris Cluster
 
Oracle Utilities Framework
 
Oracle Weblogic Server
 
Oracle Communications Billing Revenue Management
 
Oracle Communications Convergence
 
Oracle Communications Design Studio
 
Oracle Hospitality Reporting Analytics
 
Oracle Time And Labor
 
Oracle Communications Network Integrity
 
Oracle Retail Invoice Matching
 
Oracle Blockchain Platform
 

Affected Versions

Apache Commons Beanutils Version Apache Commons Beanutils 1.0 to 1.9.3 is affected by CVE-2019-10086

Exploit Probability

EPSS
0.32%
Percentile
54.39%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.