Lucene search
Redhat.comRH:CVE-2019-10173HistoryJul 22, 2019 - 2:36 p.m.
CVE-2019-10173
2019-07-2214:36:13
redhat.com
access.redhat.com
29
0.942 High
EPSS
Percentile
99.2%
It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This a regression of CVE-2013-7285 fixed in 1.4.7 (fixed) as of BPMS 6.0.1, the regression was introduced with xstream-1.4.10 implemented in RHPAM.
Related
osv
osv
Deserialization of Untrusted Data and Code Injection in xstream
2019-07-26 16:09:47
CVE-2019-10173
2019-07-23 13:15:13
Command Injection in Xstream
2019-05-29 18:05:03
github
github
Deserialization of Untrusted Data and Code Injection in xstream
2019-07-26 16:09:47
Command Injection in Xstream
2019-05-29 18:05:03
Server-Side Forgery Request can be activated unmarshalling with XStream
2020-12-21 16:28:42
ibm
ibm
myhack58
myhack58
cve
cve
CVE-2019-10173
2019-07-23 13:15:13
CVE-2013-7285
2019-05-15 17:29:00
ubuntucve
ubuntucve
CVE-2019-10173
2019-07-23 00:00:00
CVE-2013-7285
2019-05-15 00:00:00
cvelist
cvelist
CVE-2019-10173
2019-07-23 12:50:44
CVE-2013-7285
2019-05-15 16:54:57
nvd
nvd
CVE-2019-10173
2019-07-23 13:15:13
CVE-2013-7285
2019-05-15 17:29:00
prion
prion
Deserialization of untrusted data
2019-07-23 13:15:00
Design/Logic Flaw
2019-05-15 17:29:00
veracode
veracode
Remote Code Execution (RCE)
2019-07-23 05:16:12
debiancve
debiancve
CVE-2019-10173
2019-07-23 13:15:13
CVE-2013-7285
2019-05-15 17:29:00
gentoo
gentoo
XStream: Remote execution of arbitrary code
2016-12-13 00:00:00
openvas
openvas
Fedora Update for xstream FEDORA-2014-2372
2014-02-25 00:00:00
Fedora Update for xstream FEDORA-2014-2340
2014-02-25 00:00:00
Fedora Update for xstream FEDORA-2014-2340
2014-02-25 00:00:00
mageia
mageia
Updated xstream packages fix CVE-2013-7285
2014-02-26 01:54:53
nuclei
nuclei
XStream <1.4.6/1.4.10 - Remote Code Execution
2023-03-12 03:38:05
redhat
redhat
(RHSA-2014:0294) Important: XStream security update
2014-03-13 19:11:29
(RHSA-2014:0389) Important: jasperreports-server-pro security update
2014-04-09 00:00:00
(RHSA-2014:0216) Important: XStream security update
2014-02-26 20:31:01
nessus
nessus
Artifactory < 3.1.1.1 XStream Remote Code Execution
2014-03-12 00:00:00
RHEL 6 : jasperreports-server-pro (RHSA-2014:0389)
2014-11-08 00:00:00
GLSA-201612-35 : XStream: Remote execution of arbitrary code
2016-12-13 00:00:00
exploitpack
exploitpack
OpenMRS Reporting Module 0.9.7 - Remote Code Execution
2016-01-07 00:00:00
zdt
zdt
OpenMRS Reporting Module 0.9.7 - Remote Code Execution
2016-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: xstream-1.3.1-5.1.fc19
2014-02-22 00:56:20
[SECURITY] Fedora 20 Update: xstream-1.3.1-9.fc20
2014-02-22 00:47:06
packetstorm
packetstorm
OpenMRS Reporting Module 0.9.7 Remote Code Execution
2016-01-06 00:00:00
symantec
symantec
checkpoint_advisories
checkpoint_advisories
XStream Library Insecure Deserialization (CVE-2019-10173)
2020-02-26 00:00:00
exploitdb
exploitdb
OpenMRS Reporting Module 0.9.7 - Remote Code Execution
2016-01-07 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2014-02-14 00:00:00
redhatcve
redhatcve
CVE-2020-26259
2020-12-17 20:48:46
CVE-2020-26258
2020-12-17 20:48:37
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00