Lucene search

K
ibmIBM8D92F3D2DF6A11349A2815C9DBFEE8CEFA4D5B034DC3477EAF30879571A440D4
HistorySep 25, 2018 - 1:15 p.m.

Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Platform Application Center

2018-09-2513:15:02
www.ibm.com
157

EPSS

0.975

Percentile

100.0%

Summary

Public disclosed vulnerability (CVE-2018-11776) from Apache Struts affects IBM Platform Application Center.

Vulnerability Details

CVEID: CVE-2018-11776

DESCRIPTION: Apache Struts namespace code execution

CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148694&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Platform Application Center 9.1.5

Platform Application Center 9.1.4.2

Platform Application Center 9.1.4.1

Platform Application Center 9.1.4

Platform Application Center 9.1.3

Platform Application Center 9.1.2

Platform Application Center 9.1.1

Platform Application Center 9.1

Remediation/Fixes

<Product

|

VRMF

|

APAR

|

Remediation/First Fix

—|—|—|—

Platform Application Center

|

9.1.5

|

None

|

See fix below

Platform Application Center

|

9.1.4.2

|

None

|

See fix below

Platform Application Center

|

9.1.4.1

|

None

|

See fix below

Platform Application Center

|

9.1.4

|

None

|

See fix below

Platform Application Center

|

9.1.3

|

None

|

See fix below

Platform Application Center

|

9.1.2

|

None

|

See fix below

Platform Application Center

|

9.1.1

|

None

|

See fix below

Platform Application Center

|

9.1

|

None

|

See fix below

Platform Application Center 9.1.5, 9.1.4.2, 9.1.4.1, 9.1.4, 9.1.3, 9.1.2, 9.1.1, 9.1

  1. Download Apache Struts 2.5.17 from following link, <https://cwiki.apache.org/confluence/display/WW/S2-057&gt;
  2. Replace the downloaded files (struts2-core-2.5.17.jar, struts2-json-plugin-2.5.17.jar and struts2-spring-plugin-2.5.17.jar) into Application Center installed environment.
  3. How to find replace files location
    * Navigate to PAC installed directory
    * run command ‘find . -name “struts.jar”’