Lucene search

2549 matches found

Positive Technologies
added 2024/02/09 12:0 a.m. · 3 views

PT-2024-14220 · Apache +1 · Struts +1

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this issue. The specific flaw exists within the...

CVSS 9.8 · AI score 7.6 · EPSS 0.01925
Exploits 0 · References 4

IBM Security Bulletins
added 2024/02/07 10:7 p.m. · 28 views

Security Bulletin: Struts Vulnerability - Order Management does contain the Struts code and it is vulnerable with lower risk [CVE-2023-50164]

Summary Order Management does contain the Struts code and it is vulnerable CVE-2023-50164, however the specific code related to the vulnerability is not in use, therefore the risk is lower. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details...

CVSS 9.8 · AI score 9.8 · EPSS 0.80819
Exploits 15 · Affected Software 1

VulnCheck KEV
added 2024/01/31 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2023-50164

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix...

CVSS 9.8 · AI score 7.5 · EPSS 0.80819
Exploits 15 · References 1

IBM Security Bulletins
added 2024/01/17 9:46 a.m. · 35 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-34058 DESCRIPTION: VMware Tools could allow a remote attacker to gain elevate...

CVSS 9.8 · AI score 8.9 · EPSS 0.80819
Exploits 16 · Affected Software 1

IBM Security Bulletins
added 2024/01/17 2:54 a.m. · 59 views

Security Bulletin: Vulnerabilities in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2023-50164)

Summary Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes Apache Struts v2.5.33. Vulnerability Details CVEID:CVE-2023-50164 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the...

CVSS 9.8 · AI score 9.8 · EPSS 0.80819
Exploits 15 · Affected Software 1

IBM Security Bulletins
added 2024/01/16 4:2 p.m. · 28 views

Security Bulletin: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-5072, CVE-2023-50164)

Summary IBM Security Guardium has addressed these vulnerabilities Vulnerability Details CVEID:CVE-2023-5072 DESCRIPTION: JSON-java is vulnerable to a denial of service, caused by a bug in the parser. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cau...

CVSS 9.8 · AI score 9.4 · EPSS 0.80819
Exploits 16 · Affected Software 1

Qualys Blog
added 2024/01/12 10:44 p.m. · 61 views

Detect and Manage the Risk of Apache Struts (CVE-2023-50164) Comprehensively

Introduction In the vast landscape of cybersecurity, staying vigilant against potential threats is crucial. A critical vulnerability that surfaced recently is CVE-2023-50164, affecting Apache Struts 2, a widely used open-source framework for Java development. This path traversal vulnerability,...

CVSS 7.5 · AI score 10 · EPSS 0.80819
Exploits 15

GithubExploit
added 2024/01/12 9:34 a.m. · 356 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 Apache Struts path traversal to RCE vulnerabil...

CVSS 9.8 · AI score 9.9 · EPSS 0.80819
Exploits 15

BDU FSTEC
added 2024/01/11 12:0 a.m. · 3 views

The vulnerability of the Struts2 software component for managing power supply sources in Voltronic Power View allows a perpetrator to execute arbitrary code.

The vulnerability of the Struts2 component in the software for managing power sources of Voltronic Power ViewPower Pro is related to improper code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...

CVSS 10 · AI score 8.2 · EPSS 0.01603
Exploits 0 · References 5

Tenable Nessus
added 2024/01/07 12:0 a.m. · 51 views

Adobe Experience Manager 6.0.0.0 < 6.5.19.1 Arbitrary code execution (APSB23-77)

The version of Adobe Experience Manager installed on the remote host is prior to 6.5.19.1. It is, therefore, affected by a vulnerability as referenced in the APSB23-77 advisory. - An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to...

CVSS 9.8 · AI score 8.7 · EPSS 0.80819
Exploits 15 · References 2

GithubExploit
added 2023/12/30 9:37 p.m. · 445 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

This is a Proof of Concept (PoC) for CVE-2023-50164 https://nv...

CVSS 9.8 · AI score 9.9 · EPSS 0.80819
Exploits 15

Qualys Blog
added 2023/12/26 2:6 p.m. · 36 views

Yet Another Apache Struts 2 Vulnerability – CVE-2023-50164

Apache Struts is a popular open-source web application framework used to develop MVC-based web applications. The widespread adoption of the Apache Struts framework has resulted in the related applications being targeted by malicious actors over the years. The popularity of the framework results i...

CVSS 7.5 · AI score 8.1 · EPSS 0.80819
Exploits 15

GithubExploit
added 2023/12/20 8:46 a.m. · 398 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 : Apache Struts 2 vulnerable Docker container...

CVSS 9.8 · AI score 10 · EPSS 0.80819
Exploits 15

GithubExploit
added 2023/12/20 8:39 a.m. · 361 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

Contains vulnerable WAR file and docker file that can be used...

CVSS 9.8 · AI score 9.7 · EPSS 0.80819
Exploits 15

Saint
added 2023/12/20 12:0 a.m. · 157 views

Apache Struts file upload directory traversal

Added: 12/20/2023 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A directory traversal vulnerability in Apache...

CVSS 9.8 · AI score 9.8 · EPSS 0.80819
Exploits 15

Positive Technologies
added 2023/12/20 12:0 a.m. · 7 views

PT-2023-8168 · Voltronic Power +1 · Voltronic Power Viewpower +1

Name of the Vulnerable Software and Affected Versions: Voltronic Power ViewPower Pro affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this...

CVSS 10 · AI score 7.9 · EPSS 0.01603
Exploits 0 · References 8

Saint
added 2023/12/20 12:0 a.m. · 369 views

Apache Struts file upload directory traversal

Added: 12/20/2023 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem A directory traversal vulnerability in Apache...

CVSS 9.8 · AI score 9.8 · EPSS 0.80819
Exploits 15

IBM Security Bulletins
added 2023/12/19 3:37 p.m. · 26 views

Security Bulletin: IBM Security Guardium is affected by an Apache Struts vulnerability (CVE-2023-34396)

Summary IBM Security Guardium has addressed this vulnerability with an update. Vulnerability Details CVEID:CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when processing Multipart request containing non-file normal form fields. By sending a...

CVSS 7.5 · AI score 5.7 · EPSS 0.05467
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2023/12/19 3:33 p.m. · 39 views

Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability in Apache Struts (CVE-2023-34149)

Summary IBM Security Guardium has addressed this vulnerability with an update. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not getProperty. By sending a specially crafted request, a...

CVSS 6.5 · AI score 5.5 · EPSS 0.05403
Exploits 0 · Affected Software 1

Imperva Blog
added 2023/12/19 12:34 p.m. · 128 views

CVE-2023-50164: A Critical Vulnerability in Apache Struts

On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with CVSS score 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. Apache Struts is a popular, free, open-source framework that is used in the creation of...

CVSS 10 · AI score 8.4 · EPSS 0.99999
Exploits 59