The Apache Software Foundation released a security update to address a remote code execution vulnerability in Struts 2 related to OGNL (Object-Graph Navigation Language). The remote code execution flaw, CVE-2020-17530, stems from forced OGNL evaluation, when evaluated on raw user input in tag attributes.
Depending on the privileges associated with the affected application, a threat actor could perform various malicious activities, such as modifying or deleting data, installing applications, or creating new admin accounts.
The Cybersecurity and Infrastructure Security Agency (CISA) has also released a security advisory for the CVE-2020-17530 flaw.
Source: securityaffairs