CyberSec.Space Logo
Back to CVE Browser

CVE-2019-0230

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0310%
EPSS Percentile21.65th
PublishedSep 14, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

Affected Platforms (CPE)

πŸ“¦
Apache

Struts

>= 2.0.0 and <= 2.5.20
πŸ“¦
Oracle

Communications Policy Management

= 12.5.0
πŸ“¦
Oracle

Financial Services Data Integration Hub

= 8.0.3
πŸ“¦
Oracle

Financial Services Data Integration Hub

= 8.0.6
πŸ“¦
Oracle

Financial Services Market Risk Measurement And Management

= 8.0.6
πŸ“¦
Oracle

Mysql Enterprise Monitor

<= 8.0.23

References & Advisories

πŸ”— http://packetstormsecurity.com/files/160108/Apache-Struts-2.5.20-Double-OGNL-Evaluation.html
πŸ”— http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
πŸ”— https://cwiki.apache.org/confluence/display/ww/s2-059
πŸ”— https://launchpad.support.sap.com/#/notes/2982840
πŸ”— https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E
πŸ”— https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E
πŸ”— https://www.oracle.com/security-alerts/cpuApr2021.html
πŸ”— https://www.oracle.com/security-alerts/cpujan2021.html

Related Vulnerabilities

CVE-2013-431610.0

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

CVE-2012-083810.0

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows re...

CVE-2021-440779.8

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulner...

CVE-2021-318059.8

The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could ...