Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
WebLogic Deserialization of Untrusted Data Vulnerability - CVE-2019-10086 - Vulnerability Database
WebLogic

WebLogic Deserialization of Untrusted Data Vulnerability - CVE-2019-10086

High
Reference: CVE-2019-10086
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-10086
Title: WebLogic Deserialization of Untrusted Data Vulnerability
Overview:

In Apache Commons Beanutils 1.9.2 a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We however were not using this by default characteristic of the PropertyUtilsBean.