HIGH🇵🇱 Wersja polska

CVE-2013-4316

CVSS 10.0v2.0pub. 2013-09-30upd. 2026-04-29

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Apache Struts

    APP
    Apache
    2.0.02.0.12.0.102.0.112.0.11.12.0.11.22.0.122.0.132.0.142.0.22.0.32.0.42.0.52.0.62.0.7+ 30 więcej
  • Oracle Flexcube Private Banking

    APP
    Oracle
    12.0.112.0.21.72.02.0.12.2.0.13.0
  • Oracle MySQL Enterprise Monitor

    APP
    Oracle
    ≤ 2.3.14≤ 3.0.4
  • Oracle Webcenter Sites

    APP
    Oracle
    11.1.1.6.111.1.1.8.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2020-17530CRITICAL9.8⚠ KEVten sam produkt

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution....

CVE-2020-1938CRITICAL9.8⚠ KEVten sam produkt

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache To...

CVE-2017-9791CRITICAL9.8⚠ KEVten sam produkt

The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field v...