Vulnerability found in Apache Struts2 used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint. This bulletin identifies the steps to take to address the vulnerability.
CVEID:CVE-2023-50164
**DESCRIPTION:**Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the handling of file upload parameters, which, if manipulated, can lead to unauthorized path traversal. By uploading a specially crafted archive file containing βdot dotβ sequences (/β¦/), an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273374 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
Content Collector for File Systems | 4.0.1 |
Content Collector for Microsoft SharePoint | 4.0.1 |
Product
| VRM|Remediation
β|β|β
Content Collector for Email| 4.0.1| Use Content Collector for Email 4.0.1.15-IBM-ICC-IF008
Content Collector for File Systems| 4.0.1| Use Content Collector for File Systems 4.0.1.15-IBM-ICC-IF008
Content Collector for Microsoft SharePoint| 4.0.1| Use Content Collector for Microsoft SharePoint 4.0.1.15-IBM-ICC-IF008
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm content collector | eq | 4.0.1 |