User Interaction
None
Privileges Required
None
Attack Vector
Network

CVE-2019-10086

Disclosure Date: August 20, 2019

Description

In Apache Commons BeanUtils 1.9.2, a special BeanIntrospector class was added that can suppress an attacker's ability to reach the classloader through the `class` property exposed on every Java object. PropertyUtilsBean, however, did not register this introspector by default, so the `class` property remained accessible unless the application enabled the suppression itself.
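The mitigation the description refers to, shown as an added illustration that is not taken from the advisory or the BeanUtils project: a plain PropertyUtilsBean beside one with SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS registered, plus a check that `class` is no longer resolvable as a bean property. The Account bean is constructed for this example; the "exposed" result for the plain instance assumes a BeanUtils version that does not register the introspector by default.

```java
import org.apache.commons.beanutils.PropertyUtilsBean;
import org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector;

public class ClassPropertyCheck {

    // Constructed sample bean with one ordinary property.
    public static class Account {
        private String name = "demo";
        public String getName() { return name; }
        public void setName(String n) { name = n; }
    }

    // True when "class" (java.lang.Object#getClass) is resolvable as a bean
    // property on this PropertyUtilsBean, i.e. the classloader is one hop away.
    static boolean classPropertyExposed(PropertyUtilsBean pub, Object bean) {
        try {
            return pub.getPropertyDescriptor(bean, "class") != null;
        } catch (Exception e) {
            // NoSuchMethodException and friends mean the property is not reachable.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        Account bean = new Account();

        // Plain instance: on an affected version the default introspector
        // publishes getClass() as the "class" property.
        PropertyUtilsBean plain = new PropertyUtilsBean();
        System.out.println("plain:    class exposed = " + classPropertyExposed(plain, bean));

        // Hardened instance: register the introspector added in 1.9.2 so that
        // "class" is filtered out of the property descriptors.
        PropertyUtilsBean hardened = new PropertyUtilsBean();
        hardened.addBeanIntrospector(SuppressPropertiesBeanIntrospector.SUPPRESS_CLASS);
        System.out.println("hardened: class exposed = " + classPropertyExposed(hardened, bean));

        // Ordinary properties are unaffected by the suppression.
        System.out.println("hardened: name = " + hardened.getProperty(bean, "name"));
    }
}
```

To apply the same suppression to the shared instance used by the static BeanUtils and PropertyUtils helpers, register the introspector on `org.apache.commons.beanutils.BeanUtilsBean.getInstance().getPropertyUtils()` at application startup.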


CVSS V3 Severity and Metrics
Base Score:
7.3 High
Impact Score:
3.4
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
Low

General Information

Vendors

  • apache,
  • debian,
  • fedoraproject,
  • opensuse,
  • oracle,
  • redhat

Products

  • agile plm 9.3.3,
  • agile plm 9.3.5,
  • agile plm 9.3.6,
  • agile product lifecycle management integration pack 3.5,
  • agile product lifecycle management integration pack 3.6,
  • application testing suite 13.3.0.1,
  • banking platform 2.4.0,
  • banking platform 2.7.1,
  • banking platform 2.9.0,
  • blockchain platform,
  • commons beanutils,
  • communications billing and revenue management 12.0.0.3.0,
  • communications billing and revenue management 7.5,
  • communications billing and revenue management elastic charging engine 11.3.0.9,
  • communications billing and revenue management elastic charging engine 12.0.0.3,
  • communications cloud native core console 1.4.0,
  • communications cloud native core policy 1.9.0,
  • communications cloud native core unified data repository 1.6.0,
  • communications convergence 3.0.2.2.0,
  • communications design studio 7.3.4,
  • communications design studio 7.3.5,
  • communications design studio 7.4.0,
  • communications evolved communications application server 7.1,
  • communications metasolv solution 6.3.0,
  • communications metasolv solution 6.3.1,
  • communications network integrity 7.3.6,
  • communications performance intelligence center 10.4.0.3,
  • communications pricing design center 12.0.0.3.0,
  • communications unified inventory management 7.3.4,
  • communications unified inventory management 7.3.5,
  • communications unified inventory management 7.4.0,
  • communications unified inventory management 7.4.1,
  • customer management and segmentation foundation 18.0,
  • debian linux 8.0,
  • enterprise linux desktop 7.0,
  • enterprise linux eus 7.7,
  • enterprise linux server 7.0,
  • enterprise linux server aus 7.7,
  • enterprise linux server tus 7.7,
  • enterprise linux workstation 7.0,
  • enterprise manager for virtualization 13.4.0.0,
  • fedora 30,
  • fedora 31,
  • financial services revenue management and billing analytics 2.7,
  • financial services revenue management and billing analytics 2.8,
  • flexcube private banking 12.0.0,
  • flexcube private banking 12.1.0,
  • fusion middleware 11.1.1.9,
  • fusion middleware 12.2.1.3.0,
  • fusion middleware 12.2.1.4.0,
  • healthcare foundation 7.1.5,
  • healthcare foundation 7.2.2,
  • healthcare foundation 7.3.0,
  • healthcare foundation 7.3.1,
  • healthcare foundation 8.0.1,
  • hospitality opera 5 5.5,
  • hospitality opera 5 5.6,
  • hospitality reporting and analytics 9.1.0,
  • insurance data gateway 1.0.2.3,
  • jboss enterprise application platform 7.2.0,
  • jd edwards enterpriseone orchestrator,
  • jd edwards enterpriseone orchestrator 9.2.5.3,
  • jd edwards enterpriseone tools,
  • jd edwards enterpriseone tools 9.2.5.3,
  • leap 15.0,
  • leap 15.1,
  • nifi 1.14.0,
  • nifi 1.15.0,
  • peoplesoft enterprise peopletools 8.56,
  • peoplesoft enterprise peopletools 8.57,
  • peoplesoft enterprise pt peopletools 8.56,
  • peoplesoft enterprise pt peopletools 8.57,
  • peoplesoft enterprise pt peopletools 8.58,
  • primavera gateway,
  • real-time decisions solutions 3.2.0.0,
  • retail advanced inventory planning 14.1,
  • retail back office 14.1,
  • retail central office 14.1,
  • retail invoice matching 16.0.3,
  • retail merchandising system 5.0.3.1,
  • retail point-of-service 14.1,
  • retail predictive application server 16.0,
  • retail price management 14.0,
  • retail price management 14.0.1,
  • retail price management 15.0,
  • retail price management 16.0,
  • retail returns management 14.1,
  • retail xstore point of service 15.0,
  • retail xstore point of service 16.0,
  • retail xstore point of service 17.0,
  • retail xstore point of service 18.0,
  • retail xstore point of service 7.1,
  • service bus 11.1.1.9.0,
  • service bus 12.2.1.3.0,
  • service bus 12.2.1.4.0,
  • solaris cluster 4.4,
  • time and labor,
  • utilities framework,
  • utilities framework 4.2.0.2.0,
  • utilities framework 4.2.0.3.0,
  • utilities framework 4.4.0.0.0,
  • utilities framework 4.4.0.2.0,
  • utilities framework 4.4.0.3.0,
  • weblogic server 10.3.6.0.0
