Issued: Tuesday, 26 April, 2022
Last Revision: Tuesday, 26 April, 2022
Vendor: Apache Software Foundation
Product: Apache Struts 2
Severity Level:
Apache Struts 2 is affected by a potential remote code execution vulnerability (CVE-2021-31805, an OGNL injection vulnerability), which has been disclosed and fixed by the Apache Software Foundation. According to Apache advisory S2-062, this update was issued because the first patch, released in 2020, did not fully resolve the issue.
A remote attacker who exploits this flaw can run arbitrary code on the Apache Struts 2 server.
This is significant because Apache Struts is extensively used, and an attacker who successfully exploits CVE-2021-31805 can obtain control of a vulnerable system.
| CVE/Vulnerability | Description | CVSS 3.0 Score |
| --- | --- | --- |
| CVE-2021-31805 | Remote Code Execution Vulnerability | 9.8 |

Table 1: Vulnerability details

| CVE/Vulnerability | Affected Products and Versions |
| --- | --- |
| CVE-2021-31805 | Apache Struts 2 Versions 2.0.0 to 2.5.29 |

Table 2: Vulnerable versions
Organizations are advised to identify any use of Apache Struts 2 Versions 2.0.0 to 2.5.29 in their environment and upgrade the affected software to Struts 2.5.30 or later as soon as possible.
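The following inventory script is an added example for the identification step above; it is not part of this advisory and not Apache's own tooling. It walks a directory tree, recognises struts2-core JARs either by the Maven pom.properties recorded inside the archive or, failing that, by the file name, and flags any version in the affected range 2.0.0 to 2.5.29 stated in the advisory. The directory layout, file names and JAR contents it creates for its demonstration are constructed for illustration.

```python
"""
Added example (not part of the advisory): find Apache Struts 2 core JARs
in the affected range 2.0.0 - 2.5.29 (CVE-2021-31805 / S2-062) under a
directory tree. Sample JARs written by make_sample_tree() are constructed
purely for the demonstration.
"""
import os
import re
import tempfile
import zipfile
from typing import List, Optional, Tuple

AFFECTED_MIN = (2, 0, 0)   # first affected version, per the advisory
FIXED = (2, 5, 30)         # first fixed release, per the advisory

# Maven metadata that a properly built struts2-core JAR carries inside the archive
POM_PROPERTIES = "META-INF/maven/org.apache.struts/struts2-core/pom.properties"

# File-name fallback, e.g. struts2-core-2.5.29.jar
_JAR_NAME = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)(?:[-.][\w.]+)?\.jar$", re.IGNORECASE)


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '2.5.29' (or '2.5') into a comparable tuple; None if unparsable."""
    m = re.match(r"^(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # pad to three components so '2.5' compares like 2.5.0
    return parts + (0,) * max(0, 3 - len(parts))


def is_vulnerable_version(version: str) -> bool:
    """True when the version lies in the advisory's affected range 2.0.0 .. 2.5.29."""
    v = parse_version(version)
    return v is not None and AFFECTED_MIN <= v < FIXED


def struts2_core_version(path: str) -> Optional[str]:
    """Return the struts2-core version of a JAR, or None if it is not struts2-core.

    The pom.properties inside the archive is preferred over the file name, because
    a renamed or repackaged JAR keeps its embedded metadata.
    """
    try:
        with zipfile.ZipFile(path) as zf:
            if POM_PROPERTIES in zf.namelist():
                for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        return line.split("=", 1)[1].strip()
    except zipfile.BadZipFile:
        pass  # not a readable archive: fall back to the file name below
    m = _JAR_NAME.match(os.path.basename(path))
    return m.group(1) if m else None


def scan(root: str) -> List[Tuple[str, str, bool]]:
    """Return (path, version, affected) for every struts2-core JAR found under root."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            version = struts2_core_version(path)
            if version is not None:
                results.append((path, version, is_vulnerable_version(version)))
    return results


def make_sample_tree(root: str) -> None:
    """Write three constructed JARs (hypothetical sample data) for a self-contained run."""
    libs = os.path.join(root, "webapp", "WEB-INF", "lib")
    os.makedirs(libs, exist_ok=True)
    # (a) properly built JAR with its version recorded in pom.properties
    with zipfile.ZipFile(os.path.join(libs, "struts2-core-2.5.29.jar"), "w") as zf:
        zf.writestr(POM_PROPERTIES, "version=2.5.29\ngroupId=org.apache.struts\n")
    # (b) repackaged JAR whose file name hides the artefact; already on the fixed release
    with zipfile.ZipFile(os.path.join(libs, "vendor-bundle.jar"), "w") as zf:
        zf.writestr(POM_PROPERTIES, "version=2.5.30\n")
    # (c) unreadable archive: only the file name carries a version
    with open(os.path.join(libs, "struts2-core-2.3.20.jar"), "wb") as fh:
        fh.write(b"not really a zip")


def demo() -> List[Tuple[str, str, bool]]:
    """Build the sample tree in a temp dir, scan it, and return (name, version, affected)."""
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        return sorted((os.path.basename(p), v, bad) for p, v, bad in scan(tmp))


if __name__ == "__main__":
    for name, version, bad in demo():
        status = "AFFECTED, upgrade to 2.5.30 or later" if bad else "ok"
        print(f"{name}: struts2-core {version} -> {status}")
```

Point `scan()` at an application server's deployment directory rather than `demo()` for real use. The embedded pom.properties check matters in practice: shaded or vendor-renamed bundles would be missed by a file-name search alone, and a JAR that is not a valid archive still gets a best-effort verdict from its name.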
