CVE-2019-0233

CVSS v3.1 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 9.79 % (95^th)

Affected Products 5

Advisories 1

An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.

Weaknesses

CWE-281: Improper Preservation of Permissions

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2020-09-14 17:15:09
(4 years ago)
Updated Date: 2022-04-18 15:23:16
(2 years ago)

Affected Products

Apache

Struts

Oracle

Configuration #1

		CPE23	From	Up To
	Apache Struts from 2.0.0 version and 2.5.20 and prior versions	cpe:2.3:a:apache:struts	>= 2.0.0	<= 2.5.20

Configuration #2

		CPE23	From	Up To
	Oracle Communications Policy Management 12.5.0	cpe:2.3:a:oracle:communications_policy_management:12.5.0
	Oracle Financial Services Data Integration Hub 8.0.3	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.3
	Oracle Financial Services Data Integration Hub 8.0.6	cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6
	Oracle Financial Services Market Risk Measurement And Management 8.0.6	cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6
	Oracle Mysql Enterprise Monitor 8.0.23 and prior versions	cpe:2.3:a:oracle:mysql_enterprise_monitor		<= 8.0.23