CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jul 21, 2022

CVE-2012-0391

High

EPSS 88.3%CISA KEV

Apache/Struts 2

Description

The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.

EPSS — Exploit Probability

88.3%

Higher than 99.5% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2012-0391

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 88.3%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Jan 21, 2022

Added to KEV

Jan 21, 2022

Remediation Due

Jul 21, 2022

Affected Product

Apache

Struts 2

View all Apache CVEs

External Links

NVD (NIST)CVE Details MITRE CVE