Jun 17, 2018 - 12:17 p.m.

Security Bulletin: OpenSource Apache Struts vulnerability in IBM Content Collector for Email

2018-06-17 12:17:47
www.ibm.com
EPSS: 0.949 (Percentile: 99.3%)

Summary

Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system.

Vulnerability Details

CVEID: CVE-2015-0899
DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101770> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Content Collector for Email v3.0
IBM Content Collector for Email v4.0
IBM Content Collector for Email v4.0.1

Remediation/Fixes

Product | VRM | Remediation
---|---|---
IBM Content Collector for Email | 3.0 | Use IBM Content Collector for Email 4.0.1.5 Interim Fix 001
IBM Content Collector for Email | 4.0 | Use IBM Content Collector for Email 4.0.1.5 Interim Fix 001
IBM Content Collector for Email | 4.0.1 | Use IBM Content Collector for Email 4.0.1.5 Interim Fix 001

Follow the steps in the readme file in the 4.0.1.5 interim fix 001 to install the interim fix applicable to your version.

Workarounds and Mitigations

None
