Lucene search

ApacheCVE-2020-17530

HistoryDec 11, 2020 - 2:15 a.m.

CVE-2020-17530

2020-12-1102:15:10

CWE-917

apache

web.nvd.nist.gov

1217

In Wild

cve-2020-17530

apache struts 2

remote code execution

nvd

vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.973

Percentile

99.9%

JSON

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

Affected configurations

Nvd

Node

apachestrutsRange2.0.0–2.5.30

Node

oraclebusiness_intelligenceMatch12.2.1.3.0enterprise

oraclebusiness_intelligenceMatch12.2.1.4.0enterprise

oraclecommunications_diameter_intelligence_hubMatch8.0.0

oraclecommunications_diameter_intelligence_hubMatch8.1.0

oraclecommunications_diameter_intelligence_hubMatch8.2.0

oraclecommunications_diameter_intelligence_hubMatch8.2.3

oraclecommunications_policy_managementMatch12.5.0

oraclecommunications_pricing_design_centerMatch12.0.0.3.0

oraclefinancial_services_data_integration_hubMatch8.0.3

oraclefinancial_services_data_integration_hubMatch8.0.6

oraclehospitality_opera_5Match5.6

oraclemysql_enterprise_monitorMatch8.0.23

VendorProductVersionCPE
apachestruts*cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
oraclebusiness_intelligence12.2.1.3.0cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*
oraclebusiness_intelligence12.2.1.4.0cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*
oraclecommunications_diameter_intelligence_hub8.0.0cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.0.0:*:*:*:*:*:*:*
oraclecommunications_diameter_intelligence_hub8.1.0cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.1.0:*:*:*:*:*:*:*
oraclecommunications_diameter_intelligence_hub8.2.0cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.0:*:*:*:*:*:*:*
oraclecommunications_diameter_intelligence_hub8.2.3cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3:*:*:*:*:*:*:*
oraclecommunications_policy_management12.5.0cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*
oraclecommunications_pricing_design_center12.0.0.3.0cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
oraclefinancial_services_data_integration_hub8.0.3cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	struts	*	cpe:2.3:a:apache:struts::::::::
oracle	business_intelligence	12.2.1.3.0	cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0::::enterprise:::
oracle	business_intelligence	12.2.1.4.0	cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0::::enterprise:::
oracle	communications_diameter_intelligence_hub	8.0.0	cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.0.0:::::::*
oracle	communications_diameter_intelligence_hub	8.1.0	cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.1.0:::::::*
oracle	communications_diameter_intelligence_hub	8.2.0	cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.0:::::::*
oracle	communications_diameter_intelligence_hub	8.2.3	cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3:::::::*
oracle	communications_policy_management	12.5.0	cpe:2.3:a:oracle:communications_policy_management:12.5.0:::::::*
oracle	communications_pricing_design_center	12.0.0.3.0	cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:::::::*
oracle	financial_services_data_integration_hub	8.0.3	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.3:::::::*

Rows per page:

1-10 of 131

CNA Affected

[
  {
    "product": "Apache Struts",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Struts 2.0.0 - Struts 2.5.25"
      }
    ]
  }
]