Rewterz

February 2, 2021

Rewterz Threat Advisory – CVE-2020-17523 – Apache Shiro security bypass

Severity

High

Analysis Summary

CVE-2020-17523

Apache Shiro could allow a remote attacker to bypass security restrictions, caused by improper authentication validation when used with Spring. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass access restrictions.

Impact

Security bypass

Affected Vendors

Apache

Affected Products

Apache Shiro 1.7.0

Remediation

Upgrade to the latest version of Apache Shiro (1.7.1 or later).
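To confirm the remediation across a build, the following added example (not part of the original advisory or of Apache Shiro) scans `mvn dependency:tree` output for `org.apache.shiro` artifacts, including transitive ones, and flags any version below the 1.7.1 named above. The function names and the sample tree are constructed for illustration; pre-release or otherwise qualified builds of 1.7.1 are flagged for manual review as a conservative assumption.

```python
import re

FIXED = (1, 7, 1)  # from the advisory's remediation: "1.7.1 or later"
SCOPES = {"compile", "runtime", "test", "provided", "system", "import"}
COORD = re.compile(r"\borg\.apache\.shiro(?::[^:\s]+)+")

# Constructed sample of `mvn dependency:tree` output (not from the advisory).
SAMPLE_TREE = r"""
[INFO] com.example:demo-app:war:0.0.1
[INFO] +- org.springframework:spring-web:jar:5.3.3:compile
[INFO] +- org.apache.shiro:shiro-spring:jar:1.7.0:compile
[INFO] |  +- org.apache.shiro:shiro-core:jar:1.7.0:compile
[INFO] |  \- org.apache.shiro:shiro-web:jar:1.7.1:compile
"""

def parse_version(text):
    """Split '1.7.1-SNAPSHOT' into ((1, 7, 1), '-SNAPSHOT')."""
    m = re.match(r"(\d+(?:\.\d+)*)(.*)", text)
    if not m:
        return None, text
    nums = tuple(int(p) for p in m.group(1).split("."))
    nums += (0,) * (3 - len(nums))  # pad '1.7' to (1, 7, 0)
    return nums, m.group(2)

def needs_upgrade(version):
    """True if the version is below 1.7.1, qualified 1.7.1, or unparseable."""
    nums, qualifier = parse_version(version)
    if nums is None:
        return True  # cannot parse: flag for manual review
    return nums < FIXED or (nums == FIXED and qualifier != "")

def find_shiro(tree_text):
    """Return (artifact, version, needs_upgrade) for each Shiro coordinate."""
    findings = []
    for line in tree_text.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        # group:artifact:type[:classifier]:version[:scope]
        fields = m.group(0).split(":")
        if len(fields) < 4:
            continue
        version = fields[-2] if fields[-1] in SCOPES else fields[-1]
        findings.append((fields[1], version, needs_upgrade(version)))
    return findings

if __name__ == "__main__":
    for artifact, version, flagged in find_shiro(SAMPLE_TREE):
        print(f"{artifact} {version}: {'UPGRADE' if flagged else 'ok'}")
```

Because Shiro modules are often pulled in transitively, run the check against the resolved dependency tree rather than only the versions declared in `pom.xml`.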