Lucene search

K
ibmIBM64ED9589C1E5946B109687F790BF28B004D107A0751658576B78487573777400
HistoryJun 17, 2018 - 12:17 p.m.

Security Bulletin: Open Source Apache Struts Vulnerabilities affect IBM Enterprise Records

2018-06-1712:17:55
www.ibm.com
20

EPSS

0.949

Percentile

99.3%

Summary

An Apache Struts vulnerability affect IBM Enterprise Records. IBM has addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2015-0899_
_DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101770 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Enterprise Records v5.2.0 - 5.2.0.3

Remediation/Fixes

Product

| VRMF| Remediation
β€”|β€”|β€”
IBM Enterprise Records| 5.2.0 - 5.2.0.3| Use IBM Enterprise Records 5.2.0 Fix Pack 4 Interim Fix 2

Workarounds and Mitigations

None

EPSS

0.949

Percentile

99.3%