2549 matches found
The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform allows attackers to perform cross-site scripting attacks.
The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)
Abstract Administrative access to the system via the IP interface may be obtained without authentication. Content VULNERABILITY DETAILS: CVEID: CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 DESCRIPTION: The vulnerabilities can be exploited by a...
Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for IBM Storwize V7000 Security Vulnerabilities (CVE-2013-4310 CVE-2013-4316)
Abstract IBM Storwize V7000 Unified includes fixes for security vulnerabilities in IBM Storwize V7000. Administrative access to the IBM Storwize V7000 via the IP interface may be obtained without authentication. Content Please note that below vulnerabilities are applicable to IBM Storwize V7000...
The vulnerability of the ParameterInterceptor component in the Apache Struts software framework allows a hacker to write any files into the system.
The vulnerability of the ParameterInterceptor component in the Apache Struts software framework is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to write arbitrary files into the system...
The vulnerability of the mechanism for checking tokens on the Apache Struts software platform allows a perpetrator to carry out a CSRF attack.
The vulnerability of the token verification mechanism in the Apache Struts software framework is related to insufficient validation of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to carry out a CSRF attack remotely...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2016-1181 and CVE-2016-1182)
Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...
The vulnerability of the implementation of the DefaultActionMapper mechanism in the Apache Struts software platform allows attackers to carry out phishing attacks.
The vulnerability of the DefaultActionMapper mechanism implemented by the Apache Struts software platform is related to insufficient validation of input data during the processing of parameters like redirect and redirectAction:prefix. Exploiting this vulnerability allows a malicious actor to carr...
The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.
The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform is related to incorrect code generation during the processing of the includeParams attribute. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a...
The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.
The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software framework is related to improper code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Enterprise Service Bus and WebSphere Lombardi Edition. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional has...
Security Bulletin: IBM Sterling Order Management Apache Struts upgrade strategy (various CVEs, see below)
Summary Apache Struts is used by IBM Sterling Order Management as part of its web application framework used for creating Java EE web applications. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 29. Vulnerability Details...
Security Bulletin: IBM Call Center and Apache Struts upgrade strategy (various CVEs, see below)
Summary Apache Struts is used by IBM Call Center as part of its web application framework used for creating Java EE web applications. It is vulnerable to various CVEs, listed below. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 12...
catalog.ebrpl.com Cross Site Scripting vulnerability OBB-2880234
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2016-3093
Summary IBM TRIRIGA Application Platform discloses CVE-2016-3093 Vulnerability Details CVEID: CVE-2016-3093 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by the improper implementation of cache used to store method references by the OGNL expression language. An attacker...
Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller and Storwize Family (CVE-2014-7809)
Summary An Open Source Apache Struts vulnerability was disclosed in August 2014. Struts is used by SAN Volume Controller and Storwize Family. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable...
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server that is shipped with IBM Intelligent Operations Center and related products (CVE-2016-1181 and CVE-2016-1182)
Summary IBM WebSphere Application Server v7.0 is shipped as a component of IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM WebSphere Application Server has been identified and published in a security bulletin. Vulnerability Details Consult the security...
Expression Language Injection
Expression Language (EL) has been defined as part of the Java Server Pages Standard Tag Library (JSTL) in order to offer developers a simple way to output data from an object model. Starting from the JSP 2.0 specification, Expression Language has been made available within JSP pages, but it is also...
Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230)
Summary IBM Sterling File Gateway has addressed multiple security vulnerabilities in Apache Struts. Vulnerability Details CVEID: CVE-2019-0233 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a special...
Oracle MySQL Enterprise Monitor (July 2022 CPU)
The version of MySQL Enterprise Monitor installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2022 CPU advisory. - Vulnerability in the MySQL Enterprise Monitor product of Oracle MySQL component: Monitoring: General highlight.js. Supported versions that a...