Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC22253825FA485019FC06565D7E7D6C4103E0C10B6510212859354833FAEB242
HistoryAug 06, 2020 - 5:01 p.m.

Security Bulletin: Content Collector for Email is affected by a embedded WebSphere Application Server is vulnerable to Apache Commons beanutils

2020-08-0617:01:19
www.ibm.com
23

0.003 Low

EPSS

Percentile

71.2%

JSON

Summary

Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader.

Vulnerability Details

CVEID:CVE-2019-10086
**DESCRIPTION:**Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppresses the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Content Collector for Email 4.0.0
Content Collector for Email 4.0.1

Remediation/Fixes

Product VRM Remediation
Content Collector for Email 4.0.0, 4.0.1 Use Content Collector for Email 4.0.1.9 Interim Fix IF006

Workarounds and Mitigations

None

CPENameOperatorVersion
content collectoreq4.0.1

Related

nessus 41
suse 1
openvas 9
osv 3
cgr 1
ibm 79
amazon 1
fedora 2
ubuntucve 1
mageia 1
symantec 1
redhat 20
veracode 1
prion 1
nvd 1
gentoo 1
debiancve 1
cvelist 1
github 1
cve 1
debian 1
redhatcve 1
centos 1
wolfi 1
ubuntu 1
oraclelinux 1
hp 1
oracle 15
nessus
nessus
NewStart CGSL CORE 5.05 / MAIN 5.05 : apache-commons-beanutils Vulnerability (NS-SA-2020-0100)
2020-12-09 00:00:00
RHEL 7 : apache-commons-beanutils (RHSA-2020:0194)
2020-01-22 00:00:00
Oracle Linux 7 : apache-commons-beanutils (ELSA-2020-0194)
2020-01-23 00:00:00
suse
suse
Security update for apache-commons-beanutils (important)
2019-09-03 00:00:00
openvas
openvas
CentOS: Security Advisory for apache-commons-beanutils (CESA-2020:0194)
2020-01-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:2245-1)
2021-06-09 00:00:00
Fedora Update for apache-commons-beanutils FEDORA-2019-bcad44b5d6
2020-01-09 00:00:00
osv
osv
commons-beanutils - security update
2019-08-24 00:00:00
Insecure Deserialization in Apache Commons Beanutils
2020-06-15 20:36:17
commons-beanutils vulnerabilities
2021-03-15 20:06:47
cgr
cgr
CVE-2019-10086 vulnerabilities
2024-05-19 03:07:16
ibm
ibm
Security Bulletin: A Security Vulnerability Has Been Identified In WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager (CVE-2019-10086)
2020-01-28 18:55:36
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2019-10086)
2020-02-25 08:59:00
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2019-10086)
2020-06-10 03:22:51
amazon
amazon
Important: apache-commons-beanutils
2020-02-17 19:50:00
fedora
fedora
[SECURITY] Fedora 31 Update: apache-commons-beanutils-1.9.4-1.fc31
2019-11-13 10:08:09
[SECURITY] Fedora 30 Update: apache-commons-beanutils-1.9.4-1.fc30
2019-11-13 09:58:19
ubuntucve
ubuntucve
CVE-2019-10086
2019-08-20 00:00:00
mageia
mageia
Updated apache-commons-beanutils packages fix security vulnerability
2019-12-19 16:44:26
symantec
symantec
Apache Commons Beanutils CVE-2019-10086 Remote Security Vulnerability
2019-08-15 00:00:00
redhat
redhat
(RHSA-2020:0194) Important: apache-commons-beanutils security update
2020-01-21 18:21:47
(RHSA-2020:2619) Important: Red Hat Fuse 7.6.0 on EAP security update
2020-06-18 14:53:14
(RHSA-2020:2740) Important: candlepin and satellite security update
2020-06-24 14:05:48
veracode
veracode
Authorization Bypass
2019-08-16 00:43:09
prion
prion
Default configuration
2019-08-20 21:15:00
nvd
nvd
CVE-2019-10086
2019-08-20 21:15:12
gentoo
gentoo
Commons-BeanUtils: Improper Access Restriction
2024-05-08 00:00:00
debiancve
debiancve
CVE-2019-10086
2019-08-20 21:15:12
cvelist
cvelist
CVE-2019-10086
2019-08-20 20:10:15
github
github
Insecure Deserialization in Apache Commons Beanutils
2020-06-15 20:36:17
cve
cve
CVE-2019-10086
2019-08-20 21:15:12
debian
debian
[SECURITY] [DLA 1896-1] commons-beanutils security update
2019-08-24 14:49:34
redhatcve
redhatcve
CVE-2019-10086
2020-02-14 11:44:26
centos
centos
apache security update
2020-01-28 21:30:14
wolfi
wolfi
CVE-2019-10086 vulnerabilities
2024-07-05 21:08:40
ubuntu
ubuntu
Apache Commons BeanUtils vulnerabilities
2021-03-15 00:00:00
oraclelinux
oraclelinux
apache-commons-beanutils security update
2020-01-22 00:00:00
hp
hp
HP Device Manager Security Updates
2023-10-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00

0.003 Low

EPSS

Percentile

71.2%

JSON
Related for C22253825FA485019FC06565D7E7D6C4103E0C10B6510212859354833FAEB242
nessus41suse1openvas9osv3cgr1ibm79amazon1fedora2ubuntucve1mageia1symantec1redhat20veracode1prion1nvd1gentoo1debiancve1cvelist1github1cve1debian1redhatcve1centos1wolfi1ubuntu1oraclelinux1hp1oracle15