IBM3230B5C261EC75BE3334755D51C9AB2E3BF3C718B1D0EB81405BE610E871641BSecurity Bulletin: Classloader Manipulation Vulnerability in Rational Change (CVE-2014-0114)
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Summary
There is a classloader manipulation vulnerability in Apache Struts 1 that is used by the IBM Rational Change application.
Vulnerability Details
| Subscribe to My Notifications to be notified of important product support alerts like this.
- Follow this link for more information (requires login with your IBM ID)
—|—
CVEID: CVE-2014-0114
Description: Apache Struts could allow a remote attacker to execute arbitrary code on the system. Struts 1 is used by Rational Change application.
CVSS Base Score: 7.5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Affected Products and Versions
This problem affects the following versions of Rational Change application:
- Version 5.2
- Version 5.3
- Version 5.3.1
Remediation/Fixes
Upgrade to one of the following releases:
-
For release 5.2, apply Rational Change Interim Fix 4 for 5.2.0.8
-
For release 5.3, apply Rational Change Interim Fix 2 for 5.3.0.6
-
For release 5.3.1, apply Rational Change Interim Fix 1 for 5.3.1.1
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| rational change | eq | 5.2.0.8 | |
| rational change | eq | 5.3.0.6 | |
| rational change | eq | 5.3.1.1 |
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P