2549 matches found
Security Bulletin: Vulnerability in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2021-31805)
Summary: Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes Apache Struts v2.5.30. Vulnerability Details: CVEID: CVE-2021-31805. DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: CVE-2021-31805 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary: Vulnerability found in Apache Struts used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details: CVEID: CVE-2021-31805. DESCRIPTION: Apache Struts could allow a remote...
Security Bulletin: CVE-2020-17530 may affect Apache struts2-core used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
Summary: Vulnerability found in Apache struts2-core-2.5.22 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. Vulnerability Details: CVEID: CVE-2020-17530. DESCRIPTION: Apache Struts could allo...
GHSA-CCP5-GG58-PXFM Improper Preservation of Permissions in Apache Struts
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload...
GHSA-265R-PP83-GWW7 Cross-site Scripting in Apache Struts
When the Struts2 debug mode is turned on, under certain conditions an arbitrary script may be executed in the 'Problem Report' screen. Also if JSP files are exposed to be accessed directly it's possible to execute an arbitrary script. It is generally not advisable to have debug mode switched on...
Struts: Validator Without Form Field
Overview std/crypto/elliptic is a Go standard library package std/crypto/elliptic Affected versions of this package are vulnerable to Struts: Validator Without Form Field. Go Vulnerability Report: via the IsOnCurve function. An attacker can trigger a panic or cause invalid cryptographic operation...
Apache Struts 2.x < 2.5.29 Remote Code Execution (S2-062)
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag's attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a...
org.apache.struts:struts2-apps (=2.0.11), org.apache.struts:struts2-assembly (=2.0.11) +18 more potentially affected by CVE-2008-6682 via org.apache.struts:struts2-core (=2.0.11)
org.apache.struts:struts2-core MAVEN version =2.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.struts:struts2-core and may be impacted: - org.apache.struts:struts2-apps =2.0.11 - org.apache.struts:struts2-assembly =2.0.11 -...
GHSA-JGCR-9C2Q-RVP8 Apache Struts is vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2)...
br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), net.sf.fastupload:fastupload-core (=0.4.7) +25 more potentially affected by CVE-2008-6505 via org.apache.struts:struts2-core (=2.1.2)
org.apache.struts:struts2-core MAVEN version =2.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.struts:struts2-core and may be impacted: - br.net.woodstock.rockframework:rockframework-web =1.2.1, =1.2.2 - net.sf.fastupload:fastupload-cor...
org.apache.struts:struts2-apps (>=2.0.11 <=2.0.11.2), org.apache.struts:struts2-assembly (=2.0.11) +19 more potentially affected by CVE-2008-6505 via org.apache.struts:struts2-core (>=2.0.11 <=2.0.11.2)
org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.11.2 and more. Source cves: CVE-2008-6505. Source advisory: OSV:GHSA-WV7G-XHVW-8HCP...
GHSA-WV7G-XHVW-8HCP Apache Struts directory traversal vulnerability
Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1...