Vulnerabilities > CVE-2019-0230

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

apache

oracle

critical

NVD

Published: 2020-09-14

Updated: 2023-11-07

Summary

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Struts 2.0.0 Apache Struts 2.0.1 Apache Struts 2.0.2 Apache Struts 2.0.3 Apache Struts 2.0.4 Apache Struts 2.0.5 Apache Struts 2.0.6 Apache Struts 2.0.7 Apache Struts 2.0.8 Apache Struts 2.0.9 Apache Struts 2.0.10 Apache Struts 2.0.11 Apache Struts 2.0.11.1 Apache Struts 2.0.11.2 Apache Struts 2.0.12 Apache Struts 2.0.13 Apache Struts 2.0.14 Apache Struts 2.1.0 Apache Struts 2.1.1 Apache Struts 2.1.2 Apache Struts 2.1.3 Apache Struts 2.1.4 Apache Struts 2.1.5 Apache Struts 2.1.6 Apache Struts 2.1.7 Apache Struts 2.1.8 Apache Struts 2.1.8.1 Apache Struts 2.2.1 Apache Struts 2.2.1.1 Apache Struts 2.2.3 Apache Struts 2.2.3.1 Apache Struts 2.3.0 Apache Struts 2.3.1 Apache Struts 2.3.1.1 Apache Struts 2.3.1.2 Apache Struts 2.3.3 Apache Struts 2.3.4 Apache Struts 2.3.4.1 Apache Struts 2.3.5 Apache Struts 2.3.6 Apache Struts 2.3.7 Apache Struts 2.3.8 Apache Struts 2.3.9 Apache Struts 2.3.10 Apache Struts 2.3.11 Apache Struts 2.3.12 Apache Struts 2.3.13 Apache Struts 2.3.14 Apache Struts 2.3.14.1 Apache Struts 2.3.14.2 Apache Struts 2.3.14.3 Apache Struts 2.3.15 Apache Struts 2.3.15.1 Apache Struts 2.3.15.2 Apache Struts 2.3.15.3 Apache Struts 2.3.16 Apache Struts 2.3.16.1 Apache Struts 2.3.16.2 Apache Struts 2.3.16.3 Apache Struts 2.3.17 Apache Struts 2.3.19 Apache Struts 2.3.20 Apache Struts 2.3.20.1 Apache Struts 2.3.20.2 Apache Struts 2.3.20.3 Apache Struts 2.3.21 Apache Struts 2.3.22 Apache Struts 2.3.23 Apache Struts 2.3.24 Apache Struts 2.3.24.1 Apache Struts 2.3.24.2 Apache Struts 2.3.24.3 Apache Struts 2.3.25 Apache Struts 2.3.26 Apache Struts 2.3.27 Apache Struts 2.3.28 Apache Struts 2.3.28.1 Apache Struts 2.3.29 Apache Struts 2.3.30 Apache Struts 2.3.31 Apache Struts 2.3.32 Apache Struts 2.3.33 Apache Struts 2.3.34 Apache Struts 2.5 Apache Struts 2.5.0 Apache Struts 2.5.1 Apache Struts 2.5.2 Apache Struts 2.5.3 Apache Struts 2.5.4 Apache Struts 2.5.5 Apache Struts 2.5.6 Apache Struts 2.5.7 Apache Struts 2.5.8 Apache Struts 2.5.9 Apache Struts 2.5.10 Apache Struts 2.5.10.1 Apache Struts 2.5.11 Apache Struts 2.5.12 Apache Struts 2.5.13 Apache Struts 2.5.14 Apache Struts 2.5.14.1 Apache Struts 2.5.15 Apache Struts 2.5.16 Apache Struts 2.5.17 Apache Struts 2.5.18 Apache Struts 2.5.19 Apache Struts 2.5.20	110
Application	Oracle Oracle Financial Services Market Risk Measurement AND Management 8.0.6 Oracle Communications Policy Management 12.5.0 Oracle Financial Services Data Integration HUB 8.0.6 Oracle Financial Services Data Integration HUB 8.0.3 Oracle Mysql Enterprise Monitor - Oracle Mysql Enterprise Monitor 2.3.14 Oracle Mysql Enterprise Monitor 3.0.4 Oracle Mysql Enterprise Monitor 3.0.25 Oracle Mysql Enterprise Monitor 3.1.0 Oracle Mysql Enterprise Monitor 3.1.1 Oracle Mysql Enterprise Monitor 3.1.2 Oracle Mysql Enterprise Monitor 3.1.3 Oracle Mysql Enterprise Monitor 3.1.3.7856 Oracle Mysql Enterprise Monitor 3.1.4 Oracle Mysql Enterprise Monitor 3.1.5 Oracle Mysql Enterprise Monitor 3.1.6 Oracle Mysql Enterprise Monitor 3.1.6.8003 Oracle Mysql Enterprise Monitor 3.1.7 Oracle Mysql Enterprise Monitor 3.2.0 Oracle Mysql Enterprise Monitor 3.2.1 Oracle Mysql Enterprise Monitor 3.2.2 Oracle Mysql Enterprise Monitor 3.2.3 Oracle Mysql Enterprise Monitor 3.2.4 Oracle Mysql Enterprise Monitor 3.2.5 Oracle Mysql Enterprise Monitor 3.2.6 Oracle Mysql Enterprise Monitor 3.2.7 Oracle Mysql Enterprise Monitor 3.2.8 Oracle Mysql Enterprise Monitor 3.2.8.2223 Oracle Mysql Enterprise Monitor 3.2.9 Oracle Mysql Enterprise Monitor 3.2.10 Oracle Mysql Enterprise Monitor 3.2.1182 Oracle Mysql Enterprise Monitor 3.3.0 Oracle Mysql Enterprise Monitor 3.3.1 Oracle Mysql Enterprise Monitor 3.3.2 Oracle Mysql Enterprise Monitor 3.3.2.1162 Oracle Mysql Enterprise Monitor 3.3.3 Oracle Mysql Enterprise Monitor 3.3.4 Oracle Mysql Enterprise Monitor 3.3.4.3247 Oracle Mysql Enterprise Monitor 3.3.5 Oracle Mysql Enterprise Monitor 3.3.6 Oracle Mysql Enterprise Monitor 3.3.7 Oracle Mysql Enterprise Monitor 3.3.8 Oracle Mysql Enterprise Monitor 3.3.9 Oracle Mysql Enterprise Monitor 3.4.0 Oracle Mysql Enterprise Monitor 3.4.1 Oracle Mysql Enterprise Monitor 3.4.2 Oracle Mysql Enterprise Monitor 3.4.2.4181 Oracle Mysql Enterprise Monitor 3.4.3 Oracle Mysql Enterprise Monitor 3.4.4 Oracle Mysql Enterprise Monitor 3.4.5 Oracle Mysql Enterprise Monitor 3.4.6 Oracle Mysql Enterprise Monitor 3.4.7 Oracle Mysql Enterprise Monitor 3.4.7.4297 Oracle Mysql Enterprise Monitor 3.4.8 Oracle Mysql Enterprise Monitor 3.4.9 Oracle Mysql Enterprise Monitor 3.4.9.4237 Oracle Mysql Enterprise Monitor 3.4.10 Oracle Mysql Enterprise Monitor 4.0.0 Oracle Mysql Enterprise Monitor 4.0.1 Oracle Mysql Enterprise Monitor 4.0.2 Oracle Mysql Enterprise Monitor 4.0.3 Oracle Mysql Enterprise Monitor 4.0.4 Oracle Mysql Enterprise Monitor 4.0.4.5235 Oracle Mysql Enterprise Monitor 4.0.5 Oracle Mysql Enterprise Monitor 4.0.6 Oracle Mysql Enterprise Monitor 4.0.6.5281 Oracle Mysql Enterprise Monitor 4.0.7 Oracle Mysql Enterprise Monitor 4.0.8 Oracle Mysql Enterprise Monitor 4.0.11.5331 Oracle Mysql Enterprise Monitor 4.0.12 Oracle Mysql Enterprise Monitor 4.1 Oracle Mysql Enterprise Monitor 8.0.0 Oracle Mysql Enterprise Monitor 8.0.0.8131 Oracle Mysql Enterprise Monitor 8.0.1 Oracle Mysql Enterprise Monitor 8.0.2 Oracle Mysql Enterprise Monitor 8.0.2.8191 Oracle Mysql Enterprise Monitor 8.0.3 Oracle Mysql Enterprise Monitor 8.0.14 Oracle Mysql Enterprise Monitor 8.0.18.1217 Oracle Mysql Enterprise Monitor 8.0.20 Oracle Mysql Enterprise Monitor 8.0.21 Oracle Mysql Enterprise Monitor 8.0.22 Oracle Mysql Enterprise Monitor 8.0.23	83

Vulnerabilities > CVE-2019-0230 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2019-0230"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2019-0230