Security Bulletin: IBM Platform Symphony (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 CVE-2013-4310)

Summary This bulletin relates to several security vulnerabilities that have been reported against Apache Struts 2 through October 2013. IBM Platform Symphony includes a version of Struts 2 that is vulnerable to these issues. Vulnerability Details Several security vulnerabilities have been reporte...

Security Bulletin: A vulnerability in Open Source Struts affects the IBM FlashSystem V840 (CVE 2015-1831)

Summary There is a vulnerability in the Open Source Struts used by the IBM FlashSystem V840. An exploit of this vulnerability could result in an attacker gaining control of internal states which affect the FlashSystem V840. Vulnerability Details CVEID: CVE-2015-1831 DESCRIPTION: An unspecified...

Security Bulletin: A vulnerability in Open Source Struts affects the IBM FlashSystem 900 (CVE 2015-1831)

Summary There is a vulnerability in the Open Source Struts used by the IBM FlashSystem 900. An exploit of this vulnerability could result in an attacker gaining control of internal states which affect the FlashSystem 900. Vulnerability Details CVEID: CVE-2015-1831 DESCRIPTION: An unspecified...

Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of this vulnerability CVE-2016-4461 could allow an attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2016-4461 DESCRIPTION: Apache...

Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem model V840

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability CVE-2016-4461 could allow an attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2016-4461 DESCRIPTION: Apache Struts could allow a...

Security Bulletin:Vulnerability in Apache Struts affects Storwize V7000 Unified (CVE-2017-5638)

Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of Storwize V7000 Unified allowing arbitrary code execution. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts could allow a remote attacker to...

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability CVE-2017-5638 could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts could...

Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem model V840

Summary There are vulnerabilities in Apache Struts to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2016-4430, CVE-2016-4431, CVE-2016-4433, and CVE-2016-4436 could allow a remote attacker to perform a cross-site script attack, perform Web cache poisonin...

Security Bulletin:A vulnerability in Struts affects the IBM FlashSystem model V840 (CVE-2015-5209)

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability could allow a remote attacker to gain unauthorized access to the system. Vulnerability Details CVEID: CVE-2015-5209 DESCRIPTION: Apache Struts could allow a remot...

Security Bulletin: A vulnerability in Struts affects the IBM FlashSystem model V9000 (CVE-2015-5209)

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V9000 is susceptible. An exploit of this vulnerability could allow a remote attacker to gain unauthorized access to the system. Vulnerability Details CVEID: CVE-2015-5209 DESCRIPTION: Apache Struts could allow a remo...

Security Bulletin: A vulnerability in Open Source Struts affects the IBM FlashSystem V9000 (CVE 2015-1831)

Summary There is a vulnerability in the Open Source Struts used by the IBM FlashSystem V9000. An exploit of this vulnerability could result in an attacker gaining control of internal states which affect the FlashSystem V9000. Vulnerability Details CVEID: CVE-2015-1831 DESCRIPTION: An unspecified...

Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem V840, (CVE-2014-6593 and CVE-2015-0410))

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.6.0 that is used by the IBM FlashSystem V840. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVEID: CVE-2015-0410 DESCRIPTION: An unspecified...

Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)

Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By...

Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)

Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By...

Security Bulletin: Vulnerability in Apache Struts affects IBM System Storage Storwize V7000 Unified (CVE-2014-0094)

Summary There is a ParametersInterceptor security bypass vulnerability in Apache Struts that is used by IBM System Storage Storwize V7000 Unified. Vulnerability Details CVEID: CVE-2014-0094 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an erro...

Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library

Summary Security vulnerabilities have been discovered in Apache’s Struts library Vulnerability Details CVE-ID: CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 DESCRIPTION: FlashSystem V840 model number -AC0, and –AC1 nodes use the Apache Struts library. Struts is used only by the Service Assist GUI...

Security Bulletin: The IBM V840 product model number AE1 node is affected by vulnerabilities in Apache’s Struts library

Summary Security vulnerabilities have been discovered in Apache’s Struts library Vulnerability Details CVE-ID: CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 DESCRIPTION: FlashSystem V840-AE1 uses the Apache Struts library. Struts is used only by the Service Assist GUI. CVE-2014-0112 Apache Struts...

Security Bulletin: A Security vulnerability has been discovered in Apache Struts which impacts the DS8000 GUI (CVE-2014-0114)

Summary A security vulnerability has been discovered in Apache Struts which impacts the DS8000 GUI. Vulnerability Details CVE-ID: CVE-2014-0114 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class...

Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator

Summary IBM Business Process Manager is shipped as a component of IBM Cloud Orchestrator, IBM Cloud Orchestrator Enterprise, IBM SmartCloud Orchestrator, and IBM SmartCloud Orchestrator Enterprise. Vulnerability Details Review the following security bulletins for IBM Business Process Manager for...

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server that is shipped with IBM Integrated Information Core (CVE-2016-1181 and CVE-2016-1182)

Summary IBM WebSphere Application Server v7.0 is shipped as a component of IBM Integrated Information Core. Information about security vulnerabilities affecting IBM WebSphere Application Server have been published in a security bulletin. Vulnerability Details Consult the security bulletin:...