Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-202405-16
HistoryMay 05, 2024 - 12:00 a.m.

Apache Commons BCEL: Remote Code Execution

2024-05-0500:00:00
Gentoo Foundation
security.gentoo.org
7
apache commons bcel
remote code execution
u-boot
cve
java class files
upgrade

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.8%

JSON

Background

The Byte Code Engineering Library (Apache Commons BCEL™) is intended to give users a convenient way to analyze, create, and manipulate (binary) Java class files (those ending with .class).

Description

A vulnerability has been discovered in U-Boot tools. Please review the CVE identifier referenced below for details.

Impact

Please review the referenced CVE identifier for details.

Workaround

There is no known workaround at this time.

Resolution

All Apache Commons BCEL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-java/bcel-6.6.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-java/bcel< 6.6.0UNKNOWN

Related

openvas 28
nessus 66
fedora 3
rocky 3
osv 15
cvelist 2
nvd 2
centos 3
ibm 13
cve 2
veracode 2
almalinux 5
redhatcve 2
redhat 20
amazon 5
prion 2
github 2
ubuntucve 2
oraclelinux 6
debiancve 2
googleprojectzero 1
debian 2
alpinelinux 1
githubexploit 1
atlassian 1
cbl_mariner 1
f5 1
cnvd 1
cloudlinux 1
suse 2
altlinux 1
redos 1
openvas
openvas
Debian: Security Advisory (DSA-5256-1)
2022-10-20 00:00:00
Fedora: Security Advisory for bcel (FEDORA-2022-01a56f581c)
2022-12-11 00:00:00
Huawei EulerOS: Security Advisory for bcel (EulerOS-SA-2023-2137)
2023-06-09 00:00:00
nessus
nessus
GLSA-202405-16 : Apache Commons BCEL: Remote Code Execution
2024-05-06 00:00:00
Amazon Linux 2022 : (ALAS2022-2023-275)
2023-01-25 00:00:00
RHEL 7 : bcel (RHSA-2022:8958)
2022-12-13 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: bcel-6.4.1-10.fc36
2022-12-11 01:40:33
[SECURITY] Fedora 37 Update: bcel-6.5.0-3.fc37
2022-12-11 01:27:15
[SECURITY] Fedora 35 Update: bcel-6.4.1-10.fc35
2022-12-11 01:47:38
rocky
rocky
bcel security update
2023-01-02 06:07:03
java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-25 13:45:21
java-11-openjdk security, bug fix, and enhancement update
2022-07-21 13:41:28
osv
osv
Important: bcel security update
2023-01-02 06:07:03
CVE-2022-42920
2022-11-07 13:15:10
Apache Commons BCEL vulnerable to out-of-bounds write
2022-11-07 19:00:22
cvelist
cvelist
CVE-2022-42920 Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing
2022-11-07 00:00:00
CVE-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
2022-07-19 00:00:00
nvd
nvd
CVE-2022-42920
2022-11-07 13:15:10
CVE-2022-34169
2022-07-19 18:15:11
centos
centos
bcel security update
2023-07-27 14:36:35
java security update
2022-08-02 19:13:38
java security update
2022-08-02 19:14:32
ibm
ibm
Security Bulletin: Code injection vulnerability affect IBM Business Automation Workflow (CVE-2022-42920)
2023-01-09 16:57:44
Security Bulletin: There is a vulnerability in Apache Commons BCEL used by IBM Maximo Asset Management (CVE-2022-42920)
2023-06-20 22:09:20
Security Bulletin: There is a vulnerability in Apache Commons BCEL used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42920)
2023-03-10 20:35:24
cve
cve
CVE-2022-42920
2022-11-07 13:15:10
CVE-2022-34169
2022-07-19 18:15:11
veracode
veracode
Out-of-bound Write
2022-11-08 07:11:00
Remote Code Execution
2022-07-20 08:21:43
almalinux
almalinux
Important: bcel security update
2023-01-02 00:00:00
Important: java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
Important: java-11-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
redhatcve
redhatcve
CVE-2022-42920
2022-11-15 01:55:59
CVE-2022-34169
2022-07-19 22:54:51
redhat
redhat
(RHSA-2022:8958) Important: bcel security update
2022-12-13 13:48:23
(RHSA-2022:8959) Important: rh-maven36-bcel security update
2022-12-13 13:52:59
(RHSA-2023:0005) Important: bcel security update
2023-01-02 06:07:03
amazon
amazon
Important: bcel
2023-01-18 00:17:00
Important: bcel
2023-01-18 20:56:00
Important: java-11-amazon-corretto
2022-07-19 01:18:00
prion
prion
Out-of-bounds
2022-11-07 13:15:00
Integer overflow
2022-07-19 18:15:00
github
github
Apache Commons BCEL vulnerable to out-of-bounds write
2022-11-07 19:00:22
Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets
2022-07-20 00:00:18
ubuntucve
ubuntucve
CVE-2022-42920
2022-11-07 00:00:00
CVE-2022-34169
2022-07-19 00:00:00
oraclelinux
oraclelinux
bcel security update
2022-12-14 00:00:00
bcel security update
2023-01-03 00:00:00
java-1.8.0-openjdk security, bug fix, and enhancement update
2022-07-25 00:00:00
debiancve
debiancve
CVE-2022-42920
2022-11-07 13:15:10
CVE-2022-34169
2022-07-19 18:15:11
googleprojectzero
googleprojectzero
Gregor Samsa: Exploiting Java's XML Signature Verification
2022-11-02 00:00:00
debian
debian
[SECURITY] [DLA 3155-1] bcel security update
2022-10-18 17:55:52
[SECURITY] [DSA 5256-1] bcel security update
2022-10-18 18:04:55
alpinelinux
alpinelinux
CVE-2022-34169
2022-07-19 18:15:11
githubexploit
githubexploit
Exploit for Incorrect Conversion between Numeric Types in Apache Xalan-Java
2022-08-15 09:43:08
atlassian
atlassian
RCE (Remote Code Execution) xalan:xalan Dependency in Jira Software Data Center and Server
2024-03-07 14:45:37
cbl_mariner
cbl_mariner
CVE-2022-34169 affecting package openjdk8 1.8.0.332-2
2024-07-01 09:08:31
f5
f5
K42795243 : Apache Xalan Java Library vulnerability CVE-2022-34169
2022-08-25 00:00:00
cnvd
cnvd
Apache Xalan input validation error vulnerability
2022-07-21 00:00:00
cloudlinux
cloudlinux
Fixed CVEs in java-1.8.0-openjdk: CVE-2022-21541, CVE-2022-34169, CVE-2022-21540
2022-08-04 18:46:36
suse
suse
Security update for java-11-openjdk (important)
2022-08-09 00:00:00
Security update for java-1_8_0-openjdk (important)
2022-08-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package java-11-openjdk version 0:11.0.16.0.8-alt1_1jpp11
2022-08-05 00:00:00
redos
redos
ROS-20240522-05
2024-05-22 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.8%

JSON
Related for GLSA-202405-16
openvas28nessus66fedora3rocky3osv15cvelist2nvd2centos3ibm13cve2veracode2almalinux5redhatcve2redhat20amazon5prion2github2ubuntucve2oraclelinux6debiancve2googleprojectzero1debian2alpinelinux1githubexploit1atlassian1cbl_mariner1f51cnvd1cloudlinux1suse2altlinux1redos1