Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager. (CVE-2021-31805)
Summary: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2021-31805. Vulnerability Details: CVEID: CVE-2021-31805. DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double evaluation of tag...
Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities
Summary: IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2021-31805. DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double evaluation of tag attributes. By forcing OGNL evaluation of...
Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.
Summary: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2021-23450. DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the...
The vulnerability of the Apache Struts software platform, related to deficiencies in access control, allows attackers to modify any arbitrary files.
The vulnerability of the Apache Struts software platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to modify arbitrary files remotely...
The vulnerability of the CookieInterceptor class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.
The vulnerability of the CookieInterceptor class implementation in the Apache Struts software platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary code using a specially created HTTP cookie header...
The vulnerability in the implementation of the editPerson.action and struts2-rest-showcase/orders scripts on the Apache Struts software platform allows an attacker to perform XSS attacks.
The vulnerability of the editPerson.action and struts2-rest-showcase/orders implementations on the Apache Struts software platform exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows an attacker to execute XSS attacks by using the...
The vulnerability of the Apache Struts Showcase application on the Apache Struts software platform allows an attacker to execute arbitrary OGNL code.
The vulnerability of the Apache Struts Showcase application on the Apache Struts software platform is related to improper code generation. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary OGNL code using a specially created parameter name...
The vulnerability of the ParametersInterceptor class implementation in the Apache Struts software platform allows attackers to compromise the integrity of the protected information.
The vulnerability of the ParametersInterceptor class implementation in the Apache Struts software platform is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to manipulate the integrity of protected information by using a class parameter passed t...
The vulnerability of the Apache Struts software platform, related to deficiencies in access control, allows attackers to trigger a service failure.
The vulnerability of the Apache Struts software platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to trigger service failures through specially crafted requests with very long parameter names...
The vulnerability of the Apache Struts software platform, related to insufficient validation of input data, allows attackers to execute arbitrary code.
The vulnerability of the Apache Struts software platform is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the implementation of the OGNL expression transformation class for XWork command structures on the Apache Struts software platform allows attackers to circumvent security restrictions and execute arbitrary commands.
The vulnerability of the OGNL expression transformation class implementation in the XWork expression structure of the Apache Struts software framework is related to deficiencies in access control when using the ParametersInterceptor class with the parameter. Exploiting this vulnerability allows a...
The vulnerability of the Dynamic Method Invocation (DMI) mechanism implemented in the Apache Struts software framework allows attackers to execute arbitrary code.
The vulnerability of the Dynamic Method Invocation (DMI) mechanism in the Apache Struts software framework is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the implementation of the action name cleaning method in the Apache Struts software framework allows a hacker to execute arbitrary code.
The vulnerability of the action name cleaning method in the Apache Struts software framework is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.
The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software framework is related to improper code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...
Exploit for Deserialization of Untrusted Data in Apache Struts
CVE-2017-9805 CVE-2017-9805 POC The issue comes fro...
The vulnerability of the Apache Struts software platform, related to improper code generation management, allows attackers to execute arbitrary code.
The vulnerability of the Apache Struts software framework is related to improper code generation during the processing of the includeParams attribute. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...
The vulnerability of the ValueStack interface implementation in the Apache Struts software platform allows an attacker to gain access to read, modify, or delete data.
The vulnerability of the ValueStack interface implementation in the Apache Struts software platform is related to insufficient validation of input data when processing objects with the top parameter. Exploiting this vulnerability can allow an attacker to gain read, modify, or delete access to dat...
The vulnerability of the Dynamic Method Invocation (DMI) mechanism implemented in the Apache Struts software framework allows attackers to execute arbitrary code.
The vulnerability of the Dynamic Method Invocation (DMI) mechanism in the Apache Struts software framework lies in the lack of measures taken to sanitize input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the implementation of the DefaultActionMapper mechanism in the Apache Struts software platform allows a perpetrator to execute arbitrary code.
The vulnerability of the DefaultActionMapper mechanism implemented by the Apache Struts software platform is related to insufficient cleaning of input data when processing parameters with the action:, redirect:, and redirectAction: prefixes. Exploiting this vulnerability allows an attacker to execut...
The vulnerability of the implementation of the DefaultActionMapper mechanism in the Apache Struts software framework allows attackers to circumvent security restrictions.
The vulnerability of the DefaultActionMapper mechanism implemented by the Apache Struts software platform is related to deficiencies in access control when processing the 'action:' prefix parameter. Exploiting this vulnerability allows an attacker to bypass security restrictions while operating...