CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
There is a ClassLoader manipulation vulnerability in Apache Struts that is used by the WebSphere Application Server bundled with Rational Application Developer
CVEID: CVE-2014-0114
**Description:** Apache Struts 1.X could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. There is partial impact to confidentiality, integrity, and availability.
**CVSS Base Score:** 7.5
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889> for the current score
**CVSS Environmental Score:** Undefined
**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Rational Application Developer 9.1 and earlier
Product| VRMF| APAR| Remediation/First Fix
—|—|—|—
Rational Application Developer| 7.0 through 7.0.0.10 Interim Fix 002.<br>8.0 through 8.0.4.3| PI18804| For versions 6.1.0.0 through to V6.1.0.47, apply WebSphere Application Server 6.1 Test Environment Update 6.1.0.47u2.<br>For versions 7.0.0.0 through to V7.0.0.31, apply WebSphere Application Server 7.0 Test Environment Extension 7.0.0.31u1.
Rational Application Developer| 8.5 through 8.5.5<br>9.0 through 9.1| PI18804| For versions 7.0.0.0 through to V7.0.0.31, apply WebSphere Application Server 7.0 Test Environment Extension 7.0.0.31u1.
Note: The fix provided by WebSphere Application Server can also be directly applied to the WebSphere Test Environment packaged with Rational Application Developer.