We inherit this dependency from the A&AI project: org.onap.aai.schema-service:aai-schema:jar:1.0.1 - we are not using commons-beanutils directly, only using the schema to build our own java classes.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114

Determine if A&AI team will fix or if we can exclude that dependency.