Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-10086

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.3, indicating it can be exploited remotely over the network with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts limited data confidentiality, limited integrity, and limited availability for affected systems. Impacting 60 products from apache, from apache, from debian and 57 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2019, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2019-08-20T21:15:12.057

Last Modified

2024-11-21T04:18:22.250

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-502

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	commons_beanutils	≤ 1.9.3	Yes
Application	apache	nifi	1.14.0	Yes
Application	apache	nifi	1.15.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	opensuse	leap	15.0	Yes
Operating System	opensuse	leap	15.1	Yes
Operating System	fedoraproject	fedora	30	Yes
Operating System	fedoraproject	fedora	31	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_eus	7.7	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_aus	7.7	Yes
Operating System	redhat	enterprise_linux_server_tus	7.7	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Application	redhat	jboss_enterprise_application_platform	7.2.0	Yes
Operating System	redhat	enterprise_linux_server	6.0	No
Operating System	redhat	enterprise_linux_server	7.0	No
Operating System	redhat	enterprise_linux_server	8.0	No
Application	oracle	agile_plm	9.3.3	Yes
Application	oracle	agile_plm	9.3.5	Yes
Application	oracle	agile_plm	9.3.6	Yes
Application	oracle	agile_product_lifecycle_management_integration_pack	3.5	Yes
Application	oracle	agile_product_lifecycle_management_integration_pack	3.5	Yes
Application	oracle	agile_product_lifecycle_management_integration_pack	3.6	Yes
Application	oracle	agile_product_lifecycle_management_integration_pack	3.6	Yes
Application	oracle	application_testing_suite	13.3.0.1	Yes
Application	oracle	banking_platform	2.4.0	Yes
Application	oracle	banking_platform	2.7.1	Yes
Application	oracle	banking_platform	2.9.0	Yes
Application	oracle	blockchain_platform	< 21.1.2	Yes
Application	oracle	communications_billing_and_revenue_management	7.5	Yes
Application	oracle	communications_billing_and_revenue_management	12.0.0.3.0	Yes
Application	oracle	communications_billing_and_revenue_management_elastic_charging_engine	11.3.0.9	Yes
Application	oracle	communications_billing_and_revenue_management_elastic_charging_engine	12.0.0.3	Yes
Application	oracle	communications_cloud_native_core_console	1.4.0	Yes
Application	oracle	communications_cloud_native_core_policy	1.9.0	Yes
Application	oracle	communications_cloud_native_core_unified_data_repository	1.6.0	Yes
Application	oracle	communications_convergence	3.0.2.2.0	Yes
Application	oracle	communications_design_studio	7.3.4	Yes
Application	oracle	communications_design_studio	7.3.5	Yes
Application	oracle	communications_design_studio	7.4.0	Yes
Application	oracle	communications_evolved_communications_application_server	7.1	Yes
Application	oracle	communications_metasolv_solution	6.3.0	Yes
Application	oracle	communications_metasolv_solution	6.3.1	Yes
Application	oracle	communications_network_integrity	7.3.6	Yes
Application	oracle	communications_performance_intelligence_center	10.4.0.3	Yes
Application	oracle	communications_pricing_design_center	12.0.0.3.0	Yes
Application	oracle	communications_unified_inventory_management	7.3.4	Yes
Application	oracle	communications_unified_inventory_management	7.3.5	Yes
Application	oracle	communications_unified_inventory_management	7.4.0	Yes
Application	oracle	communications_unified_inventory_management	7.4.1	Yes
Application	oracle	customer_management_and_segmentation_foundation	18.0	Yes
Application	oracle	enterprise_manager_for_virtualization	13.4.0.0	Yes
Application	oracle	financial_services_revenue_management_and_billing_analytics	2.7	Yes
Application	oracle	financial_services_revenue_management_and_billing_analytics	2.8	Yes
Application	oracle	flexcube_private_banking	12.0.0	Yes
Application	oracle	flexcube_private_banking	12.1.0	Yes
Application	oracle	fusion_middleware	11.1.1.9	Yes
Application	oracle	fusion_middleware	12.2.1.3.0	Yes
Application	oracle	fusion_middleware	12.2.1.4.0	Yes
Application	oracle	healthcare_foundation	7.1.5	Yes
Application	oracle	healthcare_foundation	7.2.2	Yes
Application	oracle	healthcare_foundation	7.3.0	Yes
Application	oracle	healthcare_foundation	7.3.1	Yes
Application	oracle	healthcare_foundation	8.0.1	Yes
Application	oracle	hospitality_opera_5	5.5	Yes
Application	oracle	hospitality_opera_5	5.6	Yes
Application	oracle	hospitality_reporting_and_analytics	9.1.0	Yes
Application	oracle	insurance_data_gateway	1.0.2.3	Yes
Application	oracle	jd_edwards_enterpriseone_orchestrator	< 9.2.5.3	Yes
Application	oracle	jd_edwards_enterpriseone_orchestrator	9.2.5.3	Yes
Application	oracle	jd_edwards_enterpriseone_tools	< 9.2.5.3	Yes
Application	oracle	jd_edwards_enterpriseone_tools	9.2.5.3	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.56	Yes
Application	oracle	peoplesoft_enterprise_peopletools	8.57	Yes
Application	oracle	peoplesoft_enterprise_pt_peopletools	8.56	Yes
Application	oracle	peoplesoft_enterprise_pt_peopletools	8.57	Yes
Application	oracle	peoplesoft_enterprise_pt_peopletools	8.58	Yes
Application	oracle	primavera_gateway	≤ 16.2.11	Yes
Application	oracle	primavera_gateway	≤ 17.12.6	Yes
Application	oracle	real-time_decisions_solutions	3.2.0.0	Yes
Application	oracle	retail_advanced_inventory_planning	14.1	Yes
Application	oracle	retail_back_office	14.1	Yes
Application	oracle	retail_central_office	14.1	Yes
Application	oracle	retail_invoice_matching	16.0.3	Yes
Application	oracle	retail_merchandising_system	5.0.3.1	Yes
Application	oracle	retail_point-of-service	14.1	Yes
Application	oracle	retail_predictive_application_server	16.0	Yes
Application	oracle	retail_price_management	14.0	Yes
Application	oracle	retail_price_management	14.0.1	Yes
Application	oracle	retail_price_management	15.0	Yes
Application	oracle	retail_price_management	16.0	Yes
Application	oracle	retail_returns_management	14.1	Yes
Application	oracle	retail_xstore_point_of_service	7.1	Yes
Application	oracle	retail_xstore_point_of_service	15.0	Yes
Application	oracle	retail_xstore_point_of_service	16.0	Yes
Application	oracle	retail_xstore_point_of_service	17.0	Yes
Application	oracle	retail_xstore_point_of_service	18.0	Yes
Application	oracle	service_bus	11.1.1.9.0	Yes
Application	oracle	service_bus	12.2.1.3.0	Yes
Application	oracle	service_bus	12.2.1.4.0	Yes
Application	oracle	solaris_cluster	4.4	Yes
Application	oracle	time_and_labor	≤ 12.2.11	Yes
Application	oracle	utilities_framework	≤ 4.3.0.6.0	Yes
Application	oracle	utilities_framework	4.2.0.2.0	Yes
Application	oracle	utilities_framework	4.2.0.3.0	Yes
Application	oracle	utilities_framework	4.4.0.0.0	Yes
Application	oracle	utilities_framework	4.4.0.2.0	Yes
Application	oracle	utilities_framework	4.4.0.3.0	Yes
Application	oracle	weblogic_server	10.3.6.0.0	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html Mailing List, Third Party Advisory ([email protected])
http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e ([email protected])
https://access.redhat.com/errata/RHSA-2019:4317 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2020:0057 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2020:0194 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2020:0804 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2020:0805 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2020:0806 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2020:0811 Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E ([email protected])
https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E ([email protected])
https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/ ([email protected])
https://www.oracle.com//security-alerts/cpujul2021.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuApr2021.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2020.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2020.html Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2021.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujul2020.html Patch, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujul2022.html ([email protected])
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:4317 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0057 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0194 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0804 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0805 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0806 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0811 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com//security-alerts/cpujul2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuApr2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2020.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2020.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2020.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuoct2021.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For apache's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.