2549 matches found

IBM Security Bulletins
added 2023/03/29 1:48 a.m. | 69 views

Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2016-4461)

Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2016-4461 DESCRIPTION: Apache Struts could allow a remote...

CVSS 9 | AI score 9.1 | EPSS 0.08341
Exploits 0 | Affected Software 5

IBM Security Bulletins
added 2023/03/29 1:48 a.m. | 30 views

Security Bulletin: Vulnerability in Apache Struts affects IBM SAN Volume Controller and Storwize Family (CVE-2015-5209)

Summary An Open Source Apache Struts vulnerability was disclosed in September 2015. Struts is used by SAN Volume Controller and Storwize Family. Vulnerability Details CVEID: CVE-2015-5209 DESCRIPTION: Apache Struts could allow a remote attacker to gain unauthorized access to the system. An attack...

CVSS 7.5 | AI score 7.6 | EPSS 0.09063
Exploits 0 | Affected Software 5

IBM Security Bulletins
added 2023/03/29 1:48 a.m. | 36 views

Security Bulletin: Security bypass vulnerability in SAN Volume Controller and Storwize Family (CVE-2014-0094)

Summary Security Bulletin: Security bypass vulnerability in SAN Volume Controller and Storwize Family CVE-2014-0094 Vulnerability Details Security Bulletin --- Summary --- Apache Struts ParametersInterceptor security bypass. Vulnerability Details --- CVEID: CVE-2014-0094 DESCRIPTION: Apache Strut...

CVSS 5 | AI score 8.5 | EPSS 0.99614
Exploits 7

IBM Security Bulletins
added 2023/03/29 1:48 a.m. | 46 views

Security Bulletin: Security bypass vulnerability in SAN Volume Controller and Storwize Family (CVE-2014-0094)

Summary Apache Struts ParametersInterceptor security bypass Vulnerability Details CVEID: CVE-2014-0094 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in ParametersInterceptor. An attacker could exploit this vulnerability using the clas...

CVSS 5 | AI score 8.4 | EPSS 0.99614
Exploits 7 | Affected Software 5

IBM Security Bulletins
added 2023/03/29 1:48 a.m. | 294 views

Security Bulletin: Vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-11776)

Summary A vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. Apache Struts is used in the Service Assistant GUI...

CVSS 9.3 | AI score 8.6 | EPSS 0.99993
Exploits 41 | Affected Software 9

IBM Security Bulletins
added 2023/03/29 1:48 a.m. | 55 views

Security Bulletin: Multiple vulnerabilities in Apache Struts affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

Summary Open Source Apache Struts vulnerabilities were disclosed in Jun 2016. Struts is used by SAN Volume Controller, Storwize family and FlashSystem V9000 products in their Service Assistant GUI. The CVEs are CVE-2016-4430 CVE-2016-4431 CVE-2016-4433 CVE-2016-4436. Vulnerability Details CVEID:...

CVSS 9.8 | AI score 8.8 | EPSS 0.10013
Exploits 0 | Affected Software 6

IBM Security Bulletins
added 2023/03/29 1:48 a.m. | 29 views

Security Bulletin: Vulnerabilities in Apache Struts affect SAN Volume Controller and Storwize Family (CVE-2016-0785 CVE-2016-2162)

Summary Open Source Apache Struts vulnerabilities were disclosed in March 2016. Struts is used by SAN Volume Controller and Storwize Family in its Service Assistant GUI. Vulnerability Details CVEID: CVE-2016-0785 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code o...

CVSS 9 | AI score 8.1 | EPSS 0.09231
Exploits 0 | Affected Software 5

IBM Security Bulletins
added 2023/03/29 1:48 a.m. | 136 views

Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5638)

Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products allowing arbitrary code execution. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION:...

CVSS 10 | AI score 9.9 | EPSS 0.99999
Exploits 44 | Affected Software 6

IBM Security Bulletins
added 2023/03/10 5:9 a.m. | 46 views

Security Bulletin: Apache Commons Beanutils (Publicly disclosed vulnerability) affects IBM eDiscovery Manager (CVE-2019-10086, CVE-2014-0114)

Summary Apache Commons Beanutils vulnerabilities could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppress the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the...

CVSS 7.5 | AI score 8.2 | EPSS 0.95821
Exploits 5 | Affected Software 1

OpenVAS
added 2023/03/08 12:0 a.m. | 15 views

Debian: Security Advisory (DLA-292-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.9 | EPSS 0.21425
Exploits 0 | References 2

F5 Networks
added 2023/02/21 8:0 p.m. | 44 views

K43167094: Apache Struts 2 vulnerability CVE-2016-6795

Security Advisory Description In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is possible to prepare a special URL which will be used for path traversal and execution of arbitrary code on server side. CVE-2016-6795 Impact There is no impact; F5 products are not affected by thi...

CVSS 9.8 | AI score 9.5 | EPSS 0.08438
Exploits 0

F5 Networks
added 2023/02/21 8:0 p.m. | 981 views

K60499474: Apache Struts vulnerability CVE-2018-11776

Security Advisory Description Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper actions have no or wildcard namespace. Same possibility when using url tag which doesn't have value and...

CVSS 9.3 | AI score 9.2 | EPSS 0.99993
Exploits 41

F5 Networks
added 2023/02/21 7:59 p.m. | 38 views

K15261: Apache Struts vulnerability CVE-2014-0112

Security Advisory Description ParametersInterceptor in Apache Struts before 2.3.16.2 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. CVE-2014-0112 Impact None. F5 products do...

CVSS 7.5 | AI score 8.2 | EPSS 0.97909
Exploits 6

F5 Networks
added 2023/02/21 7:59 p.m. | 44 views

K15262: Apache Struts vulnerability CVE-2014-0113

Security Advisory Description CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request...

CVSS 7.5 | AI score 8.2 | EPSS 0.78306
Exploits 0

F5 Networks
added 2023/02/21 7:58 p.m. | 44 views

K17126: Apache Struts vulnerability CVE-2014-7809

Security Advisory Description Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism. CVE-2014-7809 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5...

CVSS 6.8 | AI score 7.1 | EPSS 0.03486
Exploits 0

F5 Networks
added 2023/02/21 7:57 p.m. | 31 views

K13434228: Apache Struts vulnerability CVE-2012-0392

Security Advisory Description The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method...

CVSS 6.8 | AI score 9.5 | EPSS 0.96787
Exploits 1

F5 Networks
added 2023/02/21 7:53 p.m. | 1068 views

K43451236: Apache Struts 2 vulnerability CVE-2017-5638

Security Advisory Description The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted...

CVSS 10 | AI score 9.3 | EPSS 0.99999
Exploits 44

F5 Networks
added 2023/02/21 7:52 p.m. | 111 views

K93135205: Apache Struts 2 vulnerability CVE-2016-4436

Security Advisory Description Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up. CVE-2016-4436 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status...

CVSS 9.8 | AI score 9.4 | EPSS 0.06779
Exploits 0

F5 Networks
added 2023/02/21 7:50 p.m. | 52 views

K25570584: Apache Struts vulnerability CVE-2012-0394

Security Advisory Description DISPUTED The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability...

CVSS 6.8 | AI score 9.1 | EPSS 0.74405
Exploits 9

F5 Networks
added 2023/02/21 7:46 p.m. | 28 views

K16444: Apache vulnerability CVE-2015-0899

Security Advisory Description The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1...

CVSS 7.5 | AI score 7.8 | EPSS 0.21425
Exploits 0 | Affected Software 1