Is CVE-2014-0114 actively exploited?

CVE-2014-0114 has no public evidence of in-the-wild exploitation as of 2025-04-12.

What is the CVSS score for CVE-2014-0114?

CVE-2014-0114 has a CVSS score of 7.5 (UNKNOWN severity). Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P.

How do I patch CVE-2014-0114?

Patch guidance is available from apache security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2014-0114.

CVE-2014-0114 - remediation guidance & executive summary

Q: Which products are affected by CVE-2014-0114?

18 products: apache commons beanutils, apache struts, apache struts, apache struts, apache struts, and 13 more.

Description

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

CVSS Metrics

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: network
Access Cmplx: low
Auth: none
Confidentiality: partial
Integrity: partial
Availability: partial
Weaknesses: CWE-20 · Improper Input Validation

Metadata

Primary Vendor: APACHE
Published: 4/30/2014
Last Modified: 4/12/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

apache : commons_beanutilsapache : strutsapache : strutsapache : strutsapache : strutsapache : strutsapache : strutsapache : strutsapache : strutsapache : strutsapache : strutsapache : strutsapache : strutsapache : strutsapache : strutsapache : strutsapache : strutsapache : struts

Remediation Guidance

Executive Summary

View on NIST NVD