On April 12, 2022, the Apache Software Foundation released information (S2-062) on a vulnerability (CVE-2021-31805) in Apache Struts 2. The vulnerability is due to an incomplete fix for CVE-2020-17530, which was published in advisory S2-061 on December 8, 2020. A remote attacker leveraging this vulnerability may execute arbitrary code on the server that runs Apache Struts 2.
The following versions of Apache Struts 2 are affected by the vulnerability: Apache Struts 2 versions 2.0.0 to 2.5.29.

The Apache Software Foundation recommends upgrading to the recently released version of Apache Struts 2 that addresses this vulnerability: Apache Struts 2 version 2.5.30. It is backward compatible, so no issues are expected when upgrading to Struts 2.5.30.
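To confirm which Struts 2 library a host actually carries, the version range above can be turned into a file-system check. The script below is an added example, not part of the SAP article or of Apache's advisory: it assumes the library keeps its standard `struts2-core-<version>.jar` file name, the function names are hypothetical, and the directory to scan is supplied by the operator because the article does not state where SAP Data Services stores the jar.

```python
import io, os, re, sys, zipfile

# Range stated in the KBA: 2.0.0 through 2.5.29 affected, 2.5.30 fixed.
AFFECTED_MIN, FIXED = (2, 0, 0), (2, 5, 30)
# Assumption: the jar keeps its standard name, struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)[^/\\]*\.jar$")

def parse_version(name):
    """Return the numeric version tuple from a struts2-core jar name, or None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "2.5" to (2, 5, 0)

def is_affected(version):
    return AFFECTED_MIN <= version < FIXED  # tuple comparison, 2.5.30 excluded

def scan_archive(fileobj, label, depth=0):
    """Yield (location, version) for struts2-core jars packed inside a WAR/EAR."""
    try:
        zf = zipfile.ZipFile(fileobj)
    except zipfile.BadZipFile:
        return  # not a readable archive, nothing to report
    with zf:
        for entry in zf.namelist():
            version = parse_version(entry)
            if version:
                yield f"{label}!{entry}", version
            elif depth < 2 and entry.lower().endswith((".war", ".ear")):
                nested = io.BytesIO(zf.read(entry))
                yield from scan_archive(nested, f"{label}!{entry}", depth + 1)

def scan_tree(root):
    """Walk root; return sorted (location, version string, affected) tuples."""
    found = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            version = parse_version(name)
            if version:
                found.append((path, version))
            elif name.lower().endswith((".war", ".ear")):
                with open(path, "rb") as fh:
                    found.extend(scan_archive(fh, path))
    return sorted((loc, ".".join(map(str, v)), is_affected(v)) for loc, v in found)

if __name__ == "__main__":
    for loc, ver, bad in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if bad else 'ok':8} {ver:10} {loc}")
```

The check relies on file names only, so a renamed or repackaged jar will not be reported; an empty result is not proof that Struts 2 is absent.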
SAP Data Services 4.x
SAP Data Services 4.2
(S2-062), (CVE-2021-31805), SAP Data Services, SAP BODS, DS, BODS, Apache, Strut, struts, CVE, 2021, 31805 , KBA , EIM-DS-SVR , Administration/Server , Problem
About this page: This is a preview of a SAP Knowledge Base Article. The full version is available on SAP for Me (login required).