7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
There is a classloader manipulation vulnerability in Apache Struts 1 that is used by the IBM Rational Change application.
| Subscribe to My Notifications to be notified of important product support alerts like this.
CVEID: CVE-2014-0114
Description: Apache Struts could allow a remote attacker to execute arbitrary code on the system. Struts 1 is used by Rational Change application.
CVSS Base Score: 7.5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
This problem affects the following versions of Rational Change application:
Upgrade to one of the following releases:
For release 5.2, apply Rational Change Interim Fix 4 for 5.2.0.8
For release 5.3, apply Rational Change Interim Fix 2 for 5.3.0.6
For release 5.3.1, apply Rational Change Interim Fix 1 for 5.3.1.1
None
CPE | Name | Operator | Version |
---|---|---|---|
rational change | eq | 5.2.0.8 | |
rational change | eq | 5.3.0.6 | |
rational change | eq | 5.3.1.1 |