Security Bulletin: ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Business Developer (CVE-2014-0114)

Summary

WebSphere Application Server Test Environment (WAS TE) from IBM Rational Application Developer for WebSphere Software is shipped with Rational Business Developer. The WAS TE is affected by a classloader manipulation vulnerability in Apache Struts. Information about the security vulnerability affecting Rational Application Developer has been published in a security bulletin.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

• Follow this link for more information (requires login with your IBM ID)
  —|—

Review the security bulletin ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Application Developer (CVE-2014-0114) for vulnerability details.

Affected Products and Versions

Version 9.1.0 and earlier of Rational Business Developer are affected.

Remediation/Fixes

Product

| VRMF|APAR|Fix
—|—|—|—
Rational Business Developer| 7.5.x and 8.0.x| PI18804|

• For WAS TE versions v6.1.0.0 through to v6.1.0.47, apply WebSphere Application Server 6.1 Test Environment Update 6.1.0.47u2

• For WAS TE versions v7.0.0.0 through to v7.0.0.31 , apply WebSphere Application Server 7.0 Test Environment Extension 7.0.0.31u1
  Rational Business Developer| 8.5.x and 9.x| PI18804|

• For WAS TE versions v7.0.0.0 through to v7.0.0.31 , apply WebSphere Application Server 7.0 Test Environment Extension 7.0.0.31u1

Workarounds and Mitigations

None