Security Bulletin: OpenSource Apache Struts vulnerability in IBM Content Collector for Microsoft SharePoint

Summary

Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system.

Vulnerability Details

CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101770&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Content Collector for Microsoft SharePoint v3.0
IBM Content Collector for Microsoft SharePoint v4.0
IBM Content Collector for Microsoft SharePoint v4.0.1

Remediation/Fixes

Product

| VRM|Remediation
—|—|—
IBM Content Collector for Microsoft SharePoint| 3.0| Use IBM Content Collector for Microsoft SharePoint 4.0.1.5 Interim Fix 001
IBM Content Collector for Microsoft SharePoint| 4.0| Use IBM Content Collector for Microsoft SharePoint 4.0.1.5 Interim Fix 001
IBM Content Collector for Microsoft SharePoint| 4.0.1| Use IBM Content Collector for Microsoft SharePoint 4.0.1.5 Interim Fix 001

Follow the steps in the readme file in the 4.0.1.5 interim fix 001 to install the interim fix applicable to your version.

Workarounds and Mitigations

None