vulnerability

F5 Networks: CVE-2020-17530: K24608264: Apache Struts vulnerabilities CVE-2020-17530 and CVE-2021-31805

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Dec 11, 2020	Dec 22, 2020	Apr 1, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Dec 11, 2020

Added

Dec 22, 2020

Modified

Apr 1, 2026

Description

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

Solution

f5-big-ip-upgrade-latest

References

CVE-2020-17530
https://attackerkb.com/topics/CVE-2020-17530
CVE-2021-31805
https://attackerkb.com/topics/CVE-2021-31805
CWE-917
EUVD-EUVD-2022-1073
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-1073
https://my.f5.com/manage/s/article/K24608264

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today