CVE-2020-17530

🗓️ 11 Dec 2020 01:11:04Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 1409 Views🌐 WEB

CVE-2020-17530: Apache Struts 2 Remote Code Executio

Reporter	Title	Published	Views	Family All 89
IBM Security Bulletins	Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.	12 Apr 202417:44	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Struts framework affects IBM Spectrum Symphony	19 Mar 202109:21	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities is affecting Tivoli Netcool/OMNIbus WebGUI (CVE-2021-20336, CVE-2020-17530)	22 Mar 202113:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)	14 Sep 202217:37	–	ibm
IBM Security Bulletins	Security Bulletin: CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections	9 Jun 202208:00	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Struts affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-17530)	13 Apr 202212:25	–	ibm
IBM Security Bulletins	Security Bulletin: CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections	9 Jun 202208:03	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Apache Struts Affect IBM eDiscovery Manager	12 Jul 202310:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Order Management Apache Struts upgrade strategy (various CVEs, see below)	14 Sep 202217:45	–	ibm
IBM Security Bulletins	Security Bulletin: CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections	9 Jun 202208:01	–	ibm

NVD

Vulners

Node

apache strutsRange2.0.0–2.5.30

Node

oracle business_intelligenceMatch12.2.1.3.0enterprise

oracle business_intelligenceMatch12.2.1.4.0enterprise

oracle communications_diameter_intelligence_hubMatch8.0.0

oracle communications_diameter_intelligence_hubMatch8.1.0

oracle communications_diameter_intelligence_hubMatch8.2.0

oracle communications_diameter_intelligence_hubMatch8.2.3

oracle communications_policy_managementMatch12.5.0

oracle communications_pricing_design_centerMatch12.0.0.3.0

oracle financial_services_data_integration_hubMatch8.0.3

oracle financial_services_data_integration_hubMatch8.0.6

oracle hospitality_opera_5Match5.6

oracle mysql_enterprise_monitorMatch8.0.23

[
  {
    "product": "Apache Struts",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Struts 2.0.0 - Struts 2.5.25"
      }
    ]
  }
]

Source	Link
cwiki	www.cwiki.apache.org/confluence/display/WW/S2-061
oracle	www.oracle.com//security-alerts/cpujul2021.html
oracle	www.oracle.com/security-alerts/cpujan2021.html
oracle	www.oracle.com/security-alerts/cpujan2022.html
oracle	www.oracle.com/security-alerts/cpuapr2022.html
jvn	www.jvn.jp/en/jp/JVN43969166/index.html
oracle	www.oracle.com/security-alerts/cpuApr2021.html
oracle	www.oracle.com/security-alerts/cpuoct2021.html
security	www.security.netapp.com/advisory/ntap-20210115-0005/
openwall	www.openwall.com/lists/oss-security/2022/04/12/6

Parameter	Position	Path	Description	CWE
payload	request body	/hello.action	Deserialization vulnerability leading to remote code execution in Apache Struts via crafted POST to hello.action (CVE-2020-17530).	CWE-917

27 Oct 2025 17:37Current

9.6High risk

Vulners AI Score9.6

CVSS 27.5

CVSS 3.19.8

EPSS0.94373

SSVC

cve-2020-17530 apache struts 2 remote code execution nvd vulnerability