CVE-2020-17510
moderate-risk
Published 2020-11-05
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
Do I need to act?
~
1.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: be1144dede3bf1b8b221285a23222faa523bf318
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (2)
References (20)
44
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
5/34 · Minimal
Exposure
7/34 · Low