Lucene search

K
lenovoLenovoLENOVO:PS500093-NOSID
HistoryJun 09, 2017 - 12:00 a.m.

Apache Struts Open Source Framework Remote Code Execution - us

2017-06-0900:00:00
support.lenovo.com
154

EPSS

0.975

Percentile

100.0%

Lenovo Security Advisory: LEN-14200

Potential Impact: Remote code execution

**Scope of Impact:**Industry-Wide

**CVE Identifier:**CVE-2017-5638

Summary Description:

Lenovo V3700 V2, Lenovo V3700 V2 XP, Lenovo V5030/V5030F and Storwize V7000 for Lenovo storage devices contain a vulnerability in Apache Struts 2, an open source web application framework, that could allow an attacker to perform remote code execution with a maliciously-crafted Content-Type value.

Mitigation Strategy for Customers (what you should do to protect yourself):

Lenovo recommends customers update using the latest firmware update bundle by following the instructions in the links below.