Lucene search
Security-metrics-botCWD-5688HistoryFeb 22, 2021 - 11:35 a.m.
Update Apache Struts 2 to avoid CVE-2020-17530
2021-02-2211:35:48
security-metrics-bot
jira.atlassian.com
24
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.973 High
EPSS
Percentile
99.9%
Update Apache Struts to 2.5.26 to avoid [CVE-2020-17530|https://cwiki.apache.org/confluence/display/ww/s2-061]
Affected configurations
Node
atlassiancrowdRange≤4.2.2
ORatlassiancrowdRange≤4.1.8
ORatlassiancrowdRange<4.3.0
ORatlassiancrowdRange<4.1.9
ORatlassiancrowdRange<4.2.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| crowd data center | le | 4.2.2 | |
| crowd data center | le | 4.1.8 | |
| crowd data center | lt | 4.3.0 | |
| crowd data center | lt | 4.1.9 | |
| crowd data center | lt | 4.2.3 |
Related
qualysblog
qualysblog
Apache Struts 2 Double OGNL Evaluation Vulnerability (CVE-2020-17530)
2021-09-21 14:40:00
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
checkpoint_advisories
checkpoint_advisories
Apache Struts Remote Code Execution (CVE-2020-17530)
2020-12-21 00:00:00
ibm
ibm
Security Bulletin: IBM Sterling Order Management Apache Struts vulnerablity
2022-05-11 01:06:34
cisa_kev
cisa_kev
Apache Struts Remote Code Execution Vulnerability
2021-11-03 00:00:00
openvas
openvas
Apache Struts Security Update (S2-061) - Version Check
2020-12-14 00:00:00
Apache Struts Security Update (S2-061) - Active Check
2021-04-22 00:00:00
Apache Struts Security Update (S2-062) - Active Check
2022-05-04 00:00:00
nuclei
nuclei
Apache Struts 2.0.0-2.5.25 - Remote Code Execution
2021-01-27 18:47:58
Apache Struts2 S2-062 - Remote Code Execution
2022-04-18 11:08:19
nessus
nessus
Apache Struts 2.x < 2.5.26 RCE (S2-061)
2020-12-09 00:00:00
Apache Struts 2.0.0 < 2.5.26 Possible Remote Code Execution vulnerability (S2-061)
2021-07-06 00:00:00
Apache Struts 2.x < 2.5.29 Remote Code Execution (S2-062)
2022-05-18 00:00:00
cisa
cisa
Apache Releases Security Update for Apache Struts 2
2020-12-08 00:00:00
githubexploit
githubexploit
Exploit for Expression Language Injection in Apache Struts
2020-12-09 09:53:08
Exploit for Expression Language Injection in Apache Struts
2020-12-08 11:10:46
Exploit for Expression Language Injection in Apache Struts
2021-01-24 07:51:31
saint
saint
Apache Struts forced OGNL evaluation incomplete fix
2022-04-26 00:00:00
Apache Struts forced OGNL evaluation incomplete fix
2022-04-26 00:00:00
cvelist
cvelist
CVE-2020-17530
2020-12-11 01:11:04
prion
prion
Remote code execution
2020-12-11 02:15:00
Remote code execution
2022-04-12 16:15:00
cve
cve
CVE-2020-17530
2020-12-11 02:15:10
CVE-2021-31805
2022-04-12 16:15:08
atlassian
atlassian
Update Apache Struts 2 to avoid CVE-2020-17530
2021-02-22 11:35:48
github
github
Remote code execution in Apache Struts
2022-02-09 22:51:56
Expression Language Injection in Apache Struts
2022-04-13 00:00:30
Bypassing OGNL sandboxes for fun and charities
2023-01-27 16:00:49
osv
osv
CVE-2020-17530
2020-12-11 02:15:10
Remote code execution in Apache Struts
2022-02-09 22:51:56
Expression Language Injection in Apache Struts
2022-04-13 00:00:30
redhatcve
redhatcve
CVE-2020-17530
2020-12-08 19:34:44
CVE-2021-31805
2022-04-13 06:28:32
nvd
nvd
CVE-2020-17530
2020-12-11 02:15:10
CVE-2021-31805
2022-04-12 16:15:08
veracode
veracode
Remote Code Execution
2020-12-09 05:42:42
Remote Code Execution (RCE)
2022-04-13 04:46:59
ubuntucve
ubuntucve
CVE-2020-17530
2020-12-11 00:00:00
CVE-2021-31805
2022-04-12 00:00:00
jvn
jvn
JVN#43969166: Apache Struts 2 vulnerable to remote code execution (S2-061)
2020-12-11 00:00:00
metasploit
metasploit
Apache Struts 2 Forced Multi OGNL Evaluation
2020-12-16 00:17:35
zdt
zdt
Apache Struts 2 Forced Multi OGNL Evaluation Exploit
2020-12-24 00:00:00
attackerkb
attackerkb
CVE-2020-17530
2020-12-11 00:00:00
CVE-2021-31805
2022-04-12 00:00:00
packetstorm
packetstorm
Apache Struts 2 Forced Multi OGNL Evaluation
2020-12-24 00:00:00
f5
f5
Apache Struts vulnerabilities CVE-2020-17530 and CVE-2021-31805
2020-12-22 01:45:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-01-08 19:54:36
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.973 High
EPSS
Percentile
99.9%
Related for CWD-5688