Apache Software Foundation Patches Apache Struts 2 Code Execution Flaw

The Apache Software Foundation has released a security update to address a remote code execution vulnerability in Struts 2 related to OGNL. The flaw, tracked as CVE-2020-17530, resides in forced OGNL evaluation when it is applied to raw user input in tag attributes.

Depending on the privileges linked to the affected application, a threat actor could perform various malicious activities, such as modifying or deleting data, installing applications, or creating new admin accounts.

The Cybersecurity and Infrastructure Security Agency (CISA) has also released a security advisory for the CVE-2020-17530 flaw.

Source: securityaffairs