The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system.
About The Author
Organizations worldwide lack the complete visibility into activities across IT infrastructures needed to reduce cyber risks, causing security incidents, failed compliance, and disruption of business…