Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
oryginał ENCVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:CApache Struts
APPApache2.0.02.0.12.0.102.0.112.0.11.12.0.11.22.0.122.0.132.0.142.0.22.0.32.0.42.0.52.0.62.0.7+ 30 więcejOracle Flexcube Private Banking
APPOracle12.0.112.0.21.72.02.0.12.2.0.13.0Oracle MySQL Enterprise Monitor
APPOracle≤ 2.3.14≤ 3.0.4Oracle Webcenter Sites
APPOracle11.1.1.6.111.1.1.8.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Referencje
Powiązane podatności
CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...
CVE-2020-17530CRITICAL9.8⚠ KEVten sam produkt
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution....
CVE-2020-1938CRITICAL9.8⚠ KEVten sam produkt
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache To...
CVE-2017-9791CRITICAL9.8⚠ KEVten sam produkt
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field v...