CVSS2 score: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

There is a classloader manipulation vulnerability in the version of Apache Struts that is used by IBM WebSphere Application Server 6.1 and 7.0.
The Apache Struts version 1.x used by the Administrative Console in WebSphere Application Server (WAS) versions 6.1.0.0-6.1.0.47 and 7.0.0.0-7.0.0.29 may be vulnerable to class loader manipulation. If you are running the Rational Insight report server or the Rational Insight Data Services on these versions of WAS, it is strongly recommended that you apply the WAS interim fix described below.
Note: Rational Insight does not use Apache Struts and is not directly affected by this vulnerability. This vulnerability also does not affect IBM WebSphere Application Server version 8.0.x.x or 8.5.x.x.
**CVE ID:** CVE-2014-0114

**Description:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes.

**CVSS Base Score:** 7.5

**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score

**CVSS Environmental Score:** Undefined

**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Rational Insight 1.0, 1.0.0.1, 1.0.0.2, 1.0.1, 1.0.1 iFix1, 1.0.1.1, 1.1, 1.1.1, 1.1.1.1, 1.1.1.2 and 1.1.1.3
Follow the steps detailed in Security Bulletin 1672316: Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server CVE-2014-0114.
None