2549 matches found
Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Apr 2021 CPU)
MySQL Enterprise Monitor installed on the remote host is 8.0.x prior to 8.0.24. Therefore, it's affected by multiple vulnerabilities as referenced in the April 2021 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General Apache Tomcat...
Apache Struts 2 Demo Application Detected
The scanner has detected a publicly accessible Apache Struts 2 default demo application. Known and unknown vulnerabilities could be more easily exploited via this kind of application.
Apache Struts Security Update (S2-061) - Active Check
Apache Struts is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only
Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.
Summary: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager (CVE-2019-0233, CVE-2019-0230). Vulnerability Details: CVEID: CVE-2019-0233. DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a fi...
Apache Struts 2 < 2.3.29 DevMode Remote Code Execution
Apache Struts 2 installed on the remote host is configured to operate in development mode (DevMode) and is in a version less than or equal to 2.3.29. While this environment can help speed up development of web applications, it is possible to abuse this mode to run arbitrary commands on the server. ...
Apache Struts 2.x < 2.3.15.1 Remote Code Execution (S2-016)
Apache Struts 2.x to 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted 'action:', 'redirect:', or 'redirectAction:' prefix. This mechanism was intended to help with attaching navigational information to buttons within forms.
VulnCheck KEV: CVE-2020-17530
Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution...
Apache Struts Security Update (S2-045, S2-046) - Version Check
Apache Struts is prone to multiple remote code execution (RCE) vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program i...
Apache Struts Security Update (S2-024)
Apache Struts is prone to an unspecified vulnerability.
Apache Struts Security Update (S2-053) - Version Check
Apache Struts is prone to a remote code execution (RCE) vulnerability.
Apache Struts Security Update (S2-036)
Apache Struts is prone to a remote code execution (RCE) vulnerability.
Apache Struts 2.0.4 < 2.3.35 / 2.5.x < 2.5.17 Remote Code Execution (S2-057)
Apache Struts versions 2 2.0.4 to 2.3.34 and 2.5.x to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: - results are used with no namespace and in same time - its upper package have no or wildcard...
Apache Struts 2.3.5 < 2.3.32 / 2.5.x < 2.5.10.1 Remote Code Execution (S2-045 / S2-046)
The Jakarta Multipart parser in Apache Struts 2 2.3.5 to 2.3.31 and 2.5.x to 2.5.10 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...
Apache Struts End of Life (EOL) Detection
The Apache Struts version on the remote host has reached the End of Life (EOL) and should not be used anymore.
Apache Struts Detection Consolidation
Consolidation of Apache Struts detections.
Apache Struts Detection (Linux/Unix SSH Login)
SSH login-based detection of Apache Struts.
Vulnerabilities fixed in Tivoli Netcool/OMNIbus
IBM Tivoli Netcool / OMNIbusGUI is vulnerable to stored cross-site scripting (XSS). This security vulnerability (CVE-2021-20336) allows users to insert arbitrary JavaScript code into the Web interface, thereby altering the intended functionality, potentially leading to the release of login credentials with...
Security Bulletin: Multiple vulnerabilities is affecting Tivoli Netcool/OMNIbus WebGUI (CVE-2021-20336, CVE-2020-17530)
Summary: Fix is available for multiple vulnerabilities affecting Tivoli Netcool/OMNIbus WebGUI (CVE-2021-20336, CVE-2020-17530). Vulnerability Details: CVEID: CVE-2021-20336. DESCRIPTION: IBM Tivoli Netcool/OMNIbusGUI is vulnerable to stored cross-site scripting. This vulnerability allows users to emb...
Security Bulletin: Vulnerability in Apache Struts framework affects IBM Spectrum Symphony
Summary: Vulnerability exists in the Apache Struts framework version used by IBM Spectrum Symphony V7.2.1, and V7.2.0.2. Interim fixes that provide instructions on upgrading the Apache Struts framework to version 2.5.26, which resolves the vulnerability, are available on IBM Fix Central. Vulnerabili...
Security Bulletin: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation.
Summary: Multiple vulnerabilities in dependent libraries affect IBM® Db2® leading to denial of service or privilege escalation. Vulnerability Details: CVEID: CVE-2019-9512. DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Ping Flood attack. By sending continual pings ...