CVE-2019-10086
Description
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. However, this class was not used by default in PropertyUtilsBean.
Risk Information
Base Score
7.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
Exploitation Probability
0.317
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 10.3.6.0.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.1.3.0.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.3.0 | Windows |
| Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows |
| Vulnerabilities CVE-2020-4163,CVE-2019-10086,CVE-2019-4505,CVE-2019-4670 are fixed in IBM WebSphere 8.5.5.17 | Windows |
| Vulnerabilities CVE-2019-10086,CVE-2015-7450 are fixed in IBM WebSphere 9.0.5.2 | Windows |
| Vulnerabilities CVE-2019-10086,CVE-2014-0114 are fixed in Apache-commons-beanutils 1.9.4 | Windows |
| Vulnerabilities CVE-2019-10086,CVE-2020-11022 are affected in Oracle Financial Services Revenue Management and Billing 2.7.0 | Windows |
| Vulnerabilities CVE-2019-10086,CVE-2020-11022 are affected in Oracle Financial Services Revenue Management and Billing 2.8.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.6 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.10.5.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.12.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Spectrum Protect Server 7.1.11 | Windows |
| Multiple Vulnerabilities are affected in IBM Spectrum Protect Server 8.1.10 | Windows |
| SUSE-SU-2019:2244-1 (SUSE Linux Enterprise Server 12-SP4) apache-commons-beanutils-1.9.2-3.3.1.noarch.rpm | Linux |
| SUSE-SU-2019:2244-1 (SUSE Linux Enterprise Server 12-SP4) apache-commons-beanutils-javadoc-1.9.2-3.3.1.noarch.rpm | Linux |
| (RHSA-2020:0194) apache-commons-beanutils security update apache-commons-beanutils-1.8.3-15.el7_7.noarch.rpm | Linux |
| (RHSA-2020:0194) apache-commons-beanutils security update apache-commons-beanutils-javadoc-1.8.3-15.el7_7.noarch.rpm | Linux |
| Apache-commons-beanutils update (ELSA-2020-0194) apache-commons-beanutils-1.8.3-15.el7_7.noarch.rpm | Linux |
| Apache-commons-beanutils-javadoc update (ELSA-2020-0194) apache-commons-beanutils-javadoc-1.8.3-15.el7_7.noarch.rpm | Linux |
| (CESA-2020:0194) apache-commons-beanutils security update apache-commons-beanutils-1.8.3-15.el7_7.noarch.rpm | Linux |
| (CESA-2020:0194) apache-commons-beanutils security update apache-commons-beanutils-javadoc-1.8.3-15.el7_7.noarch.rpm | Linux |
| apache-commons-beanutils Security Update (ALAS-2020-1395) apache-commons-beanutils-1.8.3-15.amzn2.noarch.rpm | Linux |
| apache-commons-beanutils Security Update (ALAS-2020-1395) apache-commons-beanutils-javadoc-1.8.3-15.amzn2.noarch.rpm | Linux |
| Vulnerabilities CVE-2019-10086,CVE-2014-0114 are fixed in Apache-commons-beanutils for Linux 1.9.4 | Linux |
| Important: javapackages-tools:201801 security update ALSA-2025:9318 sisu-plexus-0.3.3-7.module_el8.10.0+4020+7deec6e4.noarch.rpm | Linux |
| Important: javapackages-tools:201801 security update ALSA-2025:9318 sisu-inject-0.3.3-7.module_el8.10.0+4020+7deec6e4.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 velocity-1.7-24.module+el8.10.0+1763+c7c02164.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 jline-2.14.6-2.module+el8.3.0+241+f23502a8.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 jboss-interceptors-1.2-api-1.0.0-8.module+el8.3.0+133+b8b54b58.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 javassist-javadoc-3.18.1-8.module+el8.10.0+1763+c7c02164.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 javassist-3.18.1-8.module+el8.10.0+1763+c7c02164.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 jansi-native-1.7-7.module+el8.3.0+133+b8b54b58.x86_64.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 jakarta-commons-httpclient-3.1-28.module+el8.10.0+1763+c7c02164.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 hawtjni-runtime-1.16-2.module+el8.3.0+133+b8b54b58.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 guava20-20.0-8.module+el8.3.0+133+b8b54b58.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 apache-commons-net-3.6-3.module+el8.10.0+1763+c7c02164.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 apache-commons-logging-1.2-13.module+el8.3.0+133+b8b54b58.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 apache-commons-lang-2.6-21.module+el8.10.0+1763+c7c02164.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 apache-commons-collections-3.2.2-10.module+el8.10.0+1763+c7c02164.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 xerces-j2-2.11.0-34.module+el8.10.0+1763+c7c02164.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 xml-commons-resolver-1.2-26.module+el8.10.0+1763+c7c02164.noarch.rpm | Linux |
| javapackages-tools:201801 security update (RLSA-2025:9318) RLSA-2025:9318 xalan-j2-2.7.1-38.module+el8.10.0+1763+c7c02164.noarch.rpm | Linux |
| Deserialization of Untrusted Data Vulnerability (CVE-2019-10086) | NCM |
Patch Details
No records found