CVE-2020-17530
Apache Struts Remote Code Execution Vulnerability
CVSS
—
Sin CVSS
EPSS
95.9%
p100
KEV
SÍ
3 nov 2021
Exploit Today
80
0-100
Publicado: — · Última mod.: —
95.9%EPSS · 30 días95.9%
2026-06-302026-07-16
Producto
Apache / Struts
Vulnerabilidad
Apache Struts Remote Code Execution Vulnerability
Añadido a KEV
3 nov 2021
Remediar antes de
3 may 2022
Uso conocido en ransomware
No
Descripción resumida
Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2020-17530
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2017-5638—100.0%
KEV—80Apache Struts Remote Code Execution Vulnerability—CVE-2018-11776—100.0%
KEV—80Apache Struts Remote Code Execution Vulnerability—CVE-2013-2251—100.0%
KEV—80Apache Struts Improper Input Validation Vulnerability—CVE-2017-9805—99.9%
KEV—80Apache Struts Deserialization of Untrusted Data Vulnerability—