VMware vCenter Orchestrator和Alive Enterprise在实现上存在远程代码执行漏洞，两个产品中都嵌入了第三方组件Apache Struts，此组件中的远程代码执行漏洞可允许恶意用户绕过ParametersInterceptor内的’#'-usage保护，使服务器端context对象受控。

VMWare VMware vCenter Orchestrator 4.1
VMWare VMware vCenter Orchestrator 4.0
VMWare Alive Enterprise 7.2
厂商补丁：

VMWare

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

http://www.vmware.com

saint 4

seebug 2

vmware 2

osv 1

checkpoint_advisories 1

openvas 4

nessus 2

exploitpack 1

d2 1

packetstorm 2

github 1

nuclei 1

cisco 1

dsquare 2

zdt 1

exploitdb 1

ubuntucve 1

canvas 1

prion 1

cve 1

ibm 4

wallarmlab 1

kitploit 1

saint

Apache Struts2 XWork ParameterInterceptor security bypass

2010-08-05 00:00:00

Apache Struts2 XWork ParameterInterceptor security bypass

2010-08-05 00:00:00

Apache Struts2 XWork ParameterInterceptor security bypass

2010-08-05 00:00:00

seebug

Struts2/XWork < 2.2.0 - Remote Command Execution Vulnerability

2014-07-01 00:00:00

Struts2/XWork < 2.2.0 Remote Command Execution Vulnerability

2010-07-15 00:00:00

vmware

VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability

2011-03-14 00:00:00

VMware vCenter Orchestrator and Alive Enterprise remote code execution vulnerability

2011-03-14 00:00:00

osv

Server side object manipulation in Apache Struts

2022-05-13 01:14:26

checkpoint_advisories

Apache Struts2 ParametersInterceptor Remote Command Execution (CVE-2010-1870)

2010-08-11 00:00:00

openvas

Struts Remote Command Execution Vulnerability

2010-09-10 00:00:00

Struts Remote Command Execution Vulnerability

2010-09-10 00:00:00

Apache Struts2/XWork Remote Command Execution Vulnerability

2010-12-21 00:00:00

nessus

Apache Struts 2.x < 2.2.1 OGNL RCE (S2-005)

2018-09-10 00:00:00

Apache Struts 2 / XWork Remote Code Execution (safe check)

2010-07-29 00:00:00

exploitpack

Struts2XWork 2.2.0 - Remote Command Execution

2010-07-14 00:00:00

DSquare Exploit Pack: D2SEC_STRUTS

2010-08-17 20:00:00

packetstorm

Struts2/XWork Remote Command Execution

2010-07-14 00:00:00

Apache Struts < 2.2.0 Remote Command Execution

2011-08-19 00:00:00

github

Server side object manipulation in Apache Struts

2022-05-13 01:14:26

nuclei

ListSERV Maestro <= 9.0-8 RCE

2021-07-01 19:14:33

cisco

Apache Struts 2 Command Execution Vulnerability in Multiple Cisco Products

2014-07-09 16:00:00

dsquare

Apache-Struts < 2.2.0 RCE Linux

2012-01-26 00:00:00

Apache-Struts < 2.2.0 RCE Windows

2012-01-26 00:00:00

zdt

LISTSERV Maestro 9.0-8 Remote Code Execution Vulnerability

2020-10-21 00:00:00

exploitdb

Struts2/XWork < 2.2.0 - Remote Command Execution

2010-07-14 00:00:00

ubuntucve

CVE-2010-1870

2010-08-17 00:00:00

canvas

Immunity Canvas: STRUTSCODEINJECTION

2012-01-08 15:55:00

prion

Design/Logic Flaw

2010-08-17 20:00:00

cve

CVE-2010-1870

2010-08-17 20:00:00

ibm

Security Bulletin: Order Management could be subject to multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x.

2024-04-12 17:35:43

Security Bulletin: Order Management could be subject to an Apache Struts vulnerability that could allow a remote attacker to execute arbitrary code on the system.

2024-04-12 17:44:56

Security Bulletin: IBM Sterling Order Management Apache Struts upgrade strategy (various CVEs, see below)

2022-09-14 17:45:15

wallarmlab

New Struts2 Remote Code Execution exploit caught in the wild

2017-03-09 00:15:54

kitploit

Vulmap - Web Vulnerability Scanning And Verification Tools

2020-12-25 11:30:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.054 Low

EPSS

Percentile

92.3%

JSON

Related for SSV:20526