
Spectrum Vulnerability CVE-2020-17530: OneClick struts2


Article ID: 211867


Updated On:


CA Spectrum


The security scanner reported that the Spectrum OneClick server ships an old version of the struts2 library, which is affected by CVE-2020-17530.

CVE-2020-17530 description:

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.



Release : 20.2.5, 20.2.7

Component : Spectrum Core / SpectroSERVER


The reported vulnerability CVE-2020-17530 should be fixed with Struts 2.5.26, which is in the Spectrum pipeline and will be available in the next Spectrum 21.2.1 release.

A Spectrum patch which upgrades Struts to 2.5.26 was released.
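To confirm what the scanner reported, and to verify the result after patching, the script below lists every struts2-core jar under a directory and compares its version with the range quoted above. It is an added example, not Broadcom or Spectrum code; it assumes the usual `struts2-core-<version>.jar` file naming and an `Implementation-Version` or `Bundle-Version` manifest entry, and the directory to scan (your OneClick installation path) is supplied by you.

```python
import re
import sys
import zipfile
from pathlib import Path

AFFECTED_MIN = (2, 0, 0)  # affected range per the CVE text: 2.0.0 - 2.5.25
FIXED = (2, 5, 26)        # Struts version the article names as the fix

NAME_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$", re.I)
MANIFEST_RE = re.compile(
    r"^(?:Implementation-Version|Bundle-Version):\s*(\d+(?:\.\d+)*)", re.M)

def parse_version(text):
    """'2.5.22' -> (2, 5, 22); missing components are padded with 0."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def jar_version(path):
    """Prefer the manifest version; fall back to the version in the file name."""
    try:
        with zipfile.ZipFile(path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        m = MANIFEST_RE.search(manifest)
        if m:
            return parse_version(m.group(1))
    except (KeyError, zipfile.BadZipFile, OSError):
        pass  # no manifest or unreadable archive: try the file name instead
    m = NAME_RE.search(path.name)
    return parse_version(m.group(1)) if m else None

def is_affected(version):
    return AFFECTED_MIN <= version < FIXED

def scan(root):
    """Return (path, version, status) for each struts2-core jar below root."""
    findings = []
    for path in sorted(Path(root).rglob("*.jar")):
        if "struts2-core" not in path.name.lower():
            continue
        version = jar_version(path)
        status = ("unknown" if version is None
                  else "affected" if is_affected(version) else "ok")
        findings.append((str(path), version, status))
    return findings

if __name__ == "__main__":
    for path, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        shown = ".".join(map(str, version)) if version else "?"
        print(f"{status:9} {shown:10} {path}")
```

Jars that were renamed, or that are packed inside a WAR file, are not found by this scan; an `unknown` result means the version has to be checked by hand.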