7 matches found
Security Bulletin: Remediation of Multiple Apache Struts Vulnerabilities in IBM Library Support for Struts
Summary: Multiple Apache Struts vulnerabilities have been addressed in IBM Library Support for Struts. Vulnerability Details: CVEID: CVE-2025-68493. DESCRIPTION: Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache...
Security Bulletin: Remediation of Multiple Apache Struts 1.1 Vulnerabilities in IBM Library Support for Struts
Summary: Multiple Apache Struts 1.1 vulnerabilities have been addressed in IBM Library Support for Struts. Vulnerability Details: CVEID: CVE-2006-1546. DESCRIPTION: Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a...
EUVD-2022-5822
Malicious code in bioql PyPI...
F5 Networks BIG-IP : Apache Struts vulnerabilities (K24608264)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K24608264 advisory. - Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code executio...
Security Bulletin: Multiple vulnerabilities in Apache Struts affect SAN Volume Controller, Storwize family and FlashSystem V9000 products
Summary: Open Source Apache Struts vulnerabilities were disclosed in Jun 2016. Struts is used by SAN Volume Controller, Storwize family and FlashSystem V9000 products in their Service Assistant GUI. The CVEs are CVE-2016-4430, CVE-2016-4431, CVE-2016-4433 and CVE-2016-4436. Vulnerability Details: CVEID:...
PT-2018-1514
Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.3 to 2.3.34; Apache Struts versions 2.5 to 2.5.16. Description: The issue is related to errors in handling user-input data, which can allow a remote attacker to execute arbitrary code. This can occur when...
CVE-2013-2248
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix...