
Apache Struts Vulnerability Affecting Cisco Products: December 2023

cisco-sa-struts-C2kCMkmT · Critical · Published · Updated

On December 7, 2023, the following vulnerability in Apache Struts was disclosed:

CVE-2023-50164: An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.

For a description of this vulnerability, see the Apache Software Foundation Security Bulletin.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-struts-C2kCMkmT

Workarounds

Any workarounds will be documented in the product-specific Cisco bugs, which are identified in the Vulnerable Products section of this advisory.

CVEs: CVE-2023-50164
Cisco Bug IDs: CSCwi45131
CVSS Score: Base 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source: Cisco Identity Services Engine Software

Related Products

Product | CVE | Evidence
Cisco Identity Services Engine Software | CVE-2023-50164 | Cisco OpenVuln