CVE-2019-0233

moderate-risk
Published 2020-09-14

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

Do I need to act?

~
7.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (6)

Affected Vendors

Apache Oracle

References (10)

Vendor Advisory https://cwiki.apache.org/confluence/display/ww/s2-060
Permissions Required https://launchpad.support.sap.com/#/notes/2982840
Patch https://www.oracle.com/security-alerts/cpuApr2021.html
Patch https://www.oracle.com/security-alerts/cpujan2021.html
Patch https://www.oracle.com/security-alerts/cpuoct2021.html
Vendor Advisory https://cwiki.apache.org/confluence/display/ww/s2-060
Permissions Required https://launchpad.support.sap.com/#/notes/2982840
Patch https://www.oracle.com/security-alerts/cpuApr2021.html
Patch https://www.oracle.com/security-alerts/cpujan2021.html
Patch https://www.oracle.com/security-alerts/cpuoct2021.html
49
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 10/34 · Low
Exposure 13/34 · Low