Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Struts
APPApache2.0.0 – 2.5.30 (bez)Oracle Business Intelligence
APPOracle12.2.1.3.012.2.1.4.0Oracle Communications Diameter Intelligence Hub
APPOracle8.0.08.1.08.2.08.2.3Oracle Communications Policy Management
APPOracle12.5.0Oracle Communications Pricing Design Center
APPOracle12.0.0.3.0Oracle Financial Services Data Integration Hub
APPOracle8.0.38.0.6Oracle Hospitality Opera 5
APPOracle5.6Oracle MySQL Enterprise Monitor
APPOracle8.0.23
CISA KEV — szczegółyi
- Dostawcai
- Apache ↗
- Produkti
- Struts
- Data dodania do KEVi
- 3 listopada 2021
- Termin remediation (USA)i
- 3 maja 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami producenta.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Wymuszona ewaluacja Forced Object-Graph Navigation Language (OGNL) w Apache Struts, gdy jest oceniana na surowych danych wejściowych użytkownika w atrybutach tagów, może prowadzić do remote code execution.
▸ Pokaż oryginał (EN)
Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.
Powiązane podatności
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache To...
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field v...
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5....