Sep 25, 2018 - 1:15 p.m.

Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer

2018-09-25 13:15:02
www.ibm.com
apache struts
ibm spectrum lsf explorer
cve-2018-11776
code execution
vulnerability
fix
update
security advisory

EPSS: 0.975

Percentile: 100.0%

Summary

A publicly disclosed vulnerability (CVE-2018-11776) in Apache Struts affects IBM Spectrum LSF Explorer.

Vulnerability Details

CVEID: CVE-2018-11776

DESCRIPTION: Apache Struts namespace code execution

CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148694> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM Spectrum LSF Explorer 10.1

IBM Spectrum LSF Explorer 10.2

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
IBM Spectrum LSF Explorer | 10.1 | None | See fix below
IBM Spectrum LSF Explorer | 10.2 | None | See fix below

IBM Spectrum LSF Explorer 10.1 & 10.2

  1. Download Apache Struts 2.5.17 from the following link: <https://cwiki.apache.org/confluence/display/WW/S2-057>
  2. Replace the corresponding files in the Explorer installed environment with the downloaded files (struts2-core-2.5.17.jar, struts2-json-plugin-2.5.17.jar and struts2-spring-plugin-2.5.17.jar).
  3. To find the location of the files to replace:
     • Navigate to the Explorer installed directory.
     • Run the command 'find . -name "*struts*.jar"'.
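
A check to run after the replacement steps above, as an added example that is not part of the IBM bulletin: it lists Struts jars under a directory whose filename version is older than 2.5.17. It assumes the version is encoded in the jar filename (as in struts2-core-2.5.17.jar); `EXPLORER_HOME` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report Struts jars whose filename version is older than
# the fixed release named in the bulletin. The version is read from the
# filename only (assumption); jar contents are not inspected.
FIXED_VERSION="2.5.17"

# version_lt A B: succeeds when dotted version A sorts strictly before B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n 1)
    [ "$lowest" = "$1" ]
}

# jar_version FILE: print the version embedded in a name such as
# struts2-core-2.3.34.jar (prints nothing if the name carries no version).
jar_version() {
    basename "$1" .jar | sed -n 's/^.*-\([0-9][0-9.]*\)$/\1/p'
}

# outdated_struts_jars DIR: print "version path" for each Struts jar below
# FIXED_VERSION, and "unknown path" when the name carries no version.
outdated_struts_jars() {
    find "$1" -type f -name '*struts*.jar' | sort | while IFS= read -r jar; do
        ver=$(jar_version "$jar")
        if [ -z "$ver" ]; then
            echo "unknown $jar"
        elif version_lt "$ver" "$FIXED_VERSION"; then
            echo "$ver $jar"
        fi
    done
}

# EXPLORER_HOME is a hypothetical variable naming the install directory.
if [ -n "${EXPLORER_HOME:-}" ]; then
    outdated_struts_jars "$EXPLORER_HOME"
fi
```

Empty output means every Struts jar found carries a filename version of 2.5.17 or later; an "unknown" line needs manual inspection.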

Workarounds and Mitigations

None.