CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: May 3, 2022

High

CISA KEV

CVE-2020-17530

Apache—Struts

Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2020-17530

Vulnerability Overview

Severity: High
CISA KEV: Yes
Ransomware: Unknown
Published: Nov 3, 2021
KEV Added: Nov 3, 2021
Due Date: May 3, 2022
Related Articles: 0

Vendor

Apache

Struts