vulnerability

F5 Networks: CVE-2021-31805: K24608264: Apache Struts vulnerabilities CVE-2020-17530 and CVE-2021-31805

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Apr 12, 2022	Jan 18, 2024	Apr 1, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Apr 12, 2022

Added

Jan 18, 2024

Modified

Apr 1, 2026

Description

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

Solution

f5-big-ip-upgrade-latest

References

CVE-2020-17530
https://attackerkb.com/topics/CVE-2020-17530
CVE-2021-31805
https://attackerkb.com/topics/CVE-2021-31805
CWE-917
EUVD-EUVD-2022-1073
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-1073
https://my.f5.com/manage/s/article/K24608264

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today