Known Exploited Vulnerabilities CVE-2020-17530 Mappings

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2020-17530 Apache Struts Remote Code Execution Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2020-17530 is a remote code execution vulnerability in Apache Struts versions 2.0.0 - 2.5.25 allows an attacker to execute code via forced Object Graph Navigational Language (OGNL).
References
CVE-2020-17530 Apache Struts Remote Code Execution Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2020-17530 is a remote code execution vulnerability in Apache Struts versions 2.0.0 - 2.5.25 allows an attacker to execute arbitrary code via forced Object Graph Navigational Language (OGNL) evaluation on raw user input in tag attributes.
References