Security Bulletin: A vulnerability in Apache Struts 2 affects IBM Platform Symphony and IBM Spectrum Symphony (CVE-2017-5638)

Summary A Security vulnerability relating to remote code execution CVE-2017-5638 S2-045 has been reported against Apache Struts 2, which IBM Platform Symphony uses as a framework for its WEBGUI service. The Struts 2 package version that is vulnerable to these issues is included in several past...

Security Bulletin: Vulnerabilities in Struts affect IBM Systems Director (ISD) Server (CVE-2016-1181, CVE-2016-1182)

Summary Struts vulnerabilities affect ISD Server. ISD Server has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-1181 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to protect against unintended remote...

Security Bulletin: Apache Struts v2 Jakarta Multipart parser code execution affects IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation (CVE-2017-5638)

Summary An Apache Struts vulnerability of arbitrary code execution was addressed by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts...

Security Bulletin: OPEN Source Apache Struts Vulnerabilities IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, and Platform HPC (CVE-2016-4003)

Summary Apache Struts is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the URLDecoder implementation. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security...

Security Bulletin:Multiple vulnerabilities in IBM JRE affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, and Platform HPC(CVE-2016-4003)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6, 7 that is used by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, and Platform HPC. These issues were disclosed in the Oracle April 2016 Critic...

Security Bulletin: IBM Platform Symphony (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)

Summary Several security vulnerabilities have been reported against Apache Struts 2 through May 2014. IBM Platform Symphony’s GUI uses Struts 2 as a framework for Java web applications. A version of the package that is vulnerable to these issues is included in several past versions of IBM Platfor...

Security Bulletin: IBM Platform Symphony (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 CVE-2013-4310)

Summary This bulletin relates to several security vulnerabilities that have been reported against Apache Struts 2 through October 2013. IBM Platform Symphony includes a version of Struts 2 that is vulnerable to these issues. Vulnerability Details Several security vulnerabilities have been reporte...

Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem model V840

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability CVE-2016-4461 could allow an attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2016-4461 DESCRIPTION: Apache Struts could allow a...

Security Bulletin: Vulnerability in Apache Struts affects the IBM FlashSystem models 840 and 900

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ 840 and FlashSystem™ 900 are susceptible. An exploit of this vulnerability CVE-2016-4461 could allow an attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2016-4461 DESCRIPTION: Apache...

Security Bulletin:Vulnerability in Apache Struts affects Storwize V7000 Unified (CVE-2017-5638)

Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of Storwize V7000 Unified allowing arbitrary code execution. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts could allow a remote attacker to...

Security Bulletin: A vulnerability in Apache Struts affects the IBM FlashSystem model V840

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability CVE-2017-5638 could allow a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION: Apache Struts could...

Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem model V840

Summary There are vulnerabilities in Apache Struts to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities CVE-2016-4430, CVE-2016-4431, CVE-2016-4433, and CVE-2016-4436 could allow a remote attacker to perform a cross-site script attack, perform Web cache poisonin...

Security Bulletin:A vulnerability in Struts affects the IBM FlashSystem model V840 (CVE-2015-5209)

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability could allow a remote attacker to gain unauthorized access to the system. Vulnerability Details CVEID: CVE-2015-5209 DESCRIPTION: Apache Struts could allow a remot...

Security Bulletin: A vulnerability in Struts affects the IBM FlashSystem model V9000 (CVE-2015-5209)

Summary There is a vulnerability in Apache Struts to which the IBM® FlashSystem™ V9000 is susceptible. An exploit of this vulnerability could allow a remote attacker to gain unauthorized access to the system. Vulnerability Details CVEID: CVE-2015-5209 DESCRIPTION: Apache Struts could allow a remo...

Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)

Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By...

Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem V840, (CVE-2014-6593 and CVE-2015-0410))

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.6.0 that is used by the IBM FlashSystem V840. These issues were disclosed as part of the IBM Java SDK updates in January 2015. Vulnerability Details CVEID: CVE-2015-0410 DESCRIPTION: An unspecified...

Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)

Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By...

Security Bulletin: Vulnerability in Apache Struts affects IBM System Storage Storwize V7000 Unified (CVE-2014-0094)

Summary There is a ParametersInterceptor security bypass vulnerability in Apache Struts that is used by IBM System Storage Storwize V7000 Unified. Vulnerability Details CVEID: CVE-2014-0094 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by an erro...

Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library

Summary Security vulnerabilities have been discovered in Apache’s Struts library Vulnerability Details CVE-ID: CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 DESCRIPTION: FlashSystem V840 model number -AC0, and –AC1 nodes use the Apache Struts library. Struts is used only by the Service Assist GUI...

Security Bulletin: The IBM V840 product model number AE1 node is affected by vulnerabilities in Apache’s Struts library

Summary Security vulnerabilities have been discovered in Apache’s Struts library Vulnerability Details CVE-ID: CVE-2014-0112, CVE-2014-0094, & CVE-2014-0050 DESCRIPTION: FlashSystem V840-AE1 uses the Apache Struts library. Struts is used only by the Service Assist GUI. CVE-2014-0112 Apache Struts...