CybeReady introduces the 2023 Holiday CISO Toolkit

By Nitzan Gursky
December 22, 2023

Sonatype describes a newly discovered remote code execution vulnerability in Apache’s Struts2 Framework (CVE-2023-50164). Sonatype explains, “At its core, this vulnerability allows attackers to exploit a flaw in Apache Struts’s file upload system. It lets them manipulate the file upload parameters and perform path traversal. This exploitation can result in arbitrary code execution on the server, leading to various outcomes like unauthorized data access, system compromise, or even complete control over the affected systems, including placing malicious files within systems.”
