SAP Knowledge Base Article - Preview

3194035 - Impact of Apache Struts Remote Code Execution Vulnerability S2-062 (CVE-2021-31805) on SAP Data Services 14.2


On April 12, 2022 the Apache Software Foundation released information (S2-062) on vulnerability (CVE-2021-31805) in Apache Struts 2. This vulnerability is due to the incomplete fix for the vulnerability (CVE-2020-17530) published in the advisory S2-061 on December 8, 2020. A remote attacker leveraging this vulnerability may execute arbitrary code on the server that runs Apache Struts 2.

The following are the versions of Apache Struts 2 are affected by the vulnerability: Apache Struts 2 - Versions 2.0.0 to 2.5.29. Recommendation from Apache Software Foundation is to upgrade to the recently release version of Apache Struts 2 that address this vulnerability. Its backward compatible so no issues expected when upgrading to Struts 2.5.30 Apache Struts 2 - Versions 2.5.30



SAP Data Services 4.x


SAP Data Services 4.2


(S2-062), (CVE-2021-31805), SAP Data Services, SAP BODS, DS, BODS, Apache, Strut, struts, CVE, 2021, 31805 , KBA , EIM-DS-SVR , Administration/Server , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.