Lucene search

Veracode Vulnerability DatabaseVERACODE:21314

HistoryAug 16, 2019 - 12:43 a.m.

Authorization Bypass

2019-08-1600:43:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

71.3%

JSON

commons-beanutils2 is vulnerable to authorization bypass. The vulnerability exists as the class property of Java objects are able to get access to the classloader by default.

CPENameOperatorVersion
apache commons beanutilseq1.9.9
apache commons beanutilsle1.9.3
commons beanutils corele1.8.3
rh-maven35-apache-commons-beanutilseq1.9.3__2.2.el7
rh-java-common-apache-commons-beanutilseq1.8.3__14.13.el6
rh-java-common-apache-commons-beanutilseq1.8.3__14.13.el7
apache-commons-beanutilseq1.8.3__14.el7
eap7-stax2-apieq3.1.4__6.redhat_2.1.el6eap
eap7-stax2-apieq3.1.4__6.redhat_2.1.el8eap
eap7-stax2-apieq3.1.4__3.redhat_1.1.ep7.el6

Name	Operator	Version
apache commons beanutils	eq	1.9.9
apache commons beanutils	le	1.9.3
commons beanutils core	le	1.8.3
rh-maven35-apache-commons-beanutils	eq	1.9.3__2.2.el7
rh-java-common-apache-commons-beanutils	eq	1.8.3__14.13.el6
rh-java-common-apache-commons-beanutils	eq	1.8.3__14.13.el7
apache-commons-beanutils	eq	1.8.3__14.el7
eap7-stax2-api	eq	3.1.4__6.redhat_2.1.el6eap
eap7-stax2-api	eq	3.1.4__6.redhat_2.1.el8eap
eap7-stax2-api	eq	3.1.4__3.redhat_1.1.ep7.el6

Rows per page:

1-10 of 40021

References

lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html

mail-archives.apache.org/mod_mbox/commons-dev/201908.mbox/%[email protected]%3e

mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%[email protected]%3e

access.redhat.com/errata/RHSA-2019:4317

access.redhat.com/errata/RHSA-2020:0057

access.redhat.com/errata/RHSA-2020:0194

access.redhat.com/errata/RHSA-2020:0804

access.redhat.com/errata/RHSA-2020:0805

access.redhat.com/errata/RHSA-2020:0806

access.redhat.com/errata/RHSA-2020:0811

github.com/apache/commons-beanutils/commit/dd48f4e589462a8cdb1f29bbbccb35d6b0291d58

github.com/apache/commons-beanutils/pull/7

issues.apache.org/jira/browse/BEANUTILS-520

lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E

lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E

lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E

lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E

lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E

lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E

lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E

lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E

lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E

lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E

lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E

lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E

lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E

lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E

lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E

lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E

lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E

lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E

lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E

lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E

lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E

lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E

lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E

lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E

lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E

lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E

lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E

lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E

lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E

lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E

lists.debian.org/debian-lts-announce/2019/08/msg00030.html

lists.fedoraproject.org/archives/list/[email protected]/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/

lists.fedoraproject.org/archives/list/[email protected]/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/

www.oracle.com//security-alerts/cpujul2021.html

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpuApr2021.html

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpujan2021.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

0.003 Low

EPSS

Percentile

71.3%

JSON

Related for VERACODE:21314