CVE-2019-10086 in Oracle Hyperion Planninginfo

Summary

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

Reservation

03/26/2019

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
251225	Oracle Hyperion Planning Security deserialization	502	Not defined	Official fix	CVE-2019-10086
251224	Oracle Hyperion Calculation Manager Security deserialization	502	Not defined	Official fix	CVE-2019-10086
242736	Oracle Business Intelligence Enterprise Edition BI Platform Security deserialization	502	Not defined	Official fix	CVE-2019-10086
242709	Oracle WebCenter Content ADF UCM Application deserialization	502	Not defined	Official fix	CVE-2019-10086
242708	Oracle Identity Manager Third Party deserialization	502	Not defined	Official fix	CVE-2019-10086
234862	Oracle Business Intelligence Enterprise Edition Service Administration UI deserialization	502	Not defined	Official fix	CVE-2019-10086
234861	Oracle Business Intelligence Enterprise Edition Presentation Services deserialization	502	Not defined	Official fix	CVE-2019-10086
234496	Oracle Commerce Guided Search Experience Manager/Platform Services deserialization	502	Not defined	Official fix	CVE-2019-10086
226625	Oracle Insurance Policy Administration Operational Data Store for Life and Annuity Logger deserialization	502	Not defined	Official fix	CVE-2019-10086
226581	Oracle Business Intelligence Enterprise Edition Analytics Server deserialization	502	Not defined	Official fix	CVE-2019-10086
211491	Oracle Human Resources Common Modules deserialization	502	Not defined	Official fix	CVE-2019-10086
204515	Oracle Product Lifecycle Analytics Installation Issues deserialization	502	Not defined	Official fix	CVE-2019-10086
204514	Oracle Agile Engineering Data Management Installation Issues Remote Code Execution		Not defined	Official fix	CVE-2019-10086
204496	Oracle Retail Sales Audit others deserialization	502	Not defined	Official fix	CVE-2019-10086
204495	Oracle Retail Allocation General deserialization	502	Not defined	Official fix	CVE-2019-10086
204416	Oracle Health Sciences Data Management Workbench User deserialization	502	Not defined	Official fix	CVE-2019-10086
198150	Oracle Retail Invoice Matching Security deserialization	502	Not defined	Official fix	CVE-2019-10086
197746	Oracle Communications Network Integrity User deserialization	502	Not defined	Official fix	CVE-2019-10086
197710	Oracle Blockchain Platform BCS Console deserialization	502	Not defined	Official fix	CVE-2019-10086
190964	Oracle Hospitality Reporting and Analytics deserialization	502	Not defined	Official fix	CVE-2019-10086
190905	Oracle Time and Labor Timecard deserialization	502	Not defined	Official fix	CVE-2019-10086
190784	Oracle Communications Design Studio Inventory deserialization	502	Not defined	Official fix	CVE-2019-10086
190783	Oracle Communications Convergence Message Store deserialization	502	Not defined	Official fix	CVE-2019-10086
184889	Oracle Insurance Policy Administration Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
184888	Oracle Documaker Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
184727	Oracle Communications Policy Management Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
184661	Oracle Communications Billing and Revenue Management Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
179252	Oracle Solaris Cluster Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
179230	Oracle Retail Price Management Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
179229	Oracle Retail Merchandising System Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
179106	Oracle Real-Time Decisions (RTD) Solutions Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
179067	Oracle Financial Services Revenue Management and Billing Analytics Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
179052	Oracle Application Testing Suite Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
179012	Oracle Communications Evolved Communications Application Server Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
179011	Oracle Communications Cloud Native Core Unified Data Repository Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
179010	Oracle Communications Cloud Native Core Policy Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
179009	Oracle Communications Cloud Native Core Console Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
178985	Oracle Communications Pricing Design Center Apache Commons BeanUtils deserialization	502	Not defined	Official fix	CVE-2019-10086
173693	Oracle Utilities Framework General deserialization	502	Not defined	Official fix	CVE-2019-10086
173682	Oracle Agile PLM Security deserialization	502	Not defined	Official fix	CVE-2019-10086
173681	Oracle Agile Product Lifecycle Management Integration Pack for SAP: Design to Release Core deserialization	502	Not defined	Official fix	CVE-2019-10086
173680	Oracle Agile Product Lifecycle Management Integration Pack for E-Business Suite Installer deserialization	502	Not defined	Official fix	CVE-2019-10086
173656	Oracle Retail Returns Management Main Dashboard deserialization	502	Not defined	Official fix	CVE-2019-10086
173655	Oracle Retail Predictive Application Server RPAS Fusion Client deserialization	502	Not defined	Official fix	CVE-2019-10086
173654	Oracle Retail Point-of-Service Pricing deserialization	502	Not defined	Official fix	CVE-2019-10086
173653	Oracle Retail Central Office Commerce Anywhere deserialization	502	Not defined	Official fix	CVE-2019-10086
173652	Oracle Retail Back Office Pricing deserialization	502	Not defined	Official fix	CVE-2019-10086
173651	Oracle Retail Advanced Inventory Planning Operations / Maintenance deserialization	502	Not defined	Official fix	CVE-2019-10086
173616	Oracle PeopleSoft Enterprise PT PeopleTools Weblogic deserialization	502	Not defined	Official fix	CVE-2019-10086
173557	Oracle JD Edwards EnterpriseOne Tools Portal SEC deserialization	502	Not defined	Official fix	CVE-2019-10086

39 More entries are not shown

🔒 Login Required

You need to signup and login to see more of the remaining 39 results.

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!