Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Navigator

Summary

Security Bulletin: Open Source Apache Struts V1 ClassLoader manipulation vulnerability (CVE-2014-0114) in IBM Content Navigator

Vulnerability Details

**CVEID:**CVE-2014-0114

DESCRIPTION:
Open Source Apache Struts V1 ClassLoader manipulation vulnerability

CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92889&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM Content Navigator 2.0.0, 2.0.1, and 2.0.2

IBM Content Navigator is a component that is available to customers in these products (and the products that contain them):

· IBM Content Manager
· IBM FileNet Content Manager
· IBM Content Foundation
· IBM Content Manager OnDemand

Remediation/Fixes

Version 2.0.0: Upgrade to Content Navigator 2.0.2 and apply fix pack 2.0.2.4-ICN-FP004

Version 2.0.1: Apply Interim Fix 2.0.1.2-ICN-IF002

Version 2.0.2: Apply fix pack 2.0.2.4-ICN-FP004

Workarounds and Mitigations

N/A