
1986 matches found

BDU FSTEC
added 2022/09/30 12:0 a.m. | 1 view

The vulnerability of the Dynamic Method Invocation (DMI) mechanism implemented in the Apache Struts software framework allows attackers to execute arbitrary code.

The vulnerability of the Dynamic Method Invocation DMI mechanism in the Apache Struts software framework lies in the lack of measures taken to sanitize input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 9.3 | AI score 7.8 | EPSS 0.9416
Exploits 12 | References 8 | Affected Software 5

BDU FSTEC
added 2022/09/30 12:0 a.m. | 2 views

The vulnerability of the implementation of the DefaultActionMapper mechanism in the Apache Struts software framework allows attackers to circumvent security restrictions.

The vulnerability of the DefaultActionMapper mechanism implemented by the Apache Struts software platform is related to deficiencies in access control when processing the ‘action: prefix’ parameter. Exploiting this vulnerability allows an attacker to bypass security restrictions while operating...

CVSS 7.2 | AI score 7.7 | EPSS 0.07718
Exploits 1 | References 5 | Affected Software 5

BDU FSTEC
added 2022/09/30 12:0 a.m. | 3 views

The vulnerability of the ValueStack interface implementation in the Apache Struts software platform allows an attacker to gain access to read, modify, or delete data.

The vulnerability of the ValueStack interface implementation in the Apache Struts software platform is related to insufficient validation of input data when processing objects with the top parameter. Exploiting this vulnerability can allow an attacker to gain read, modify, or delete access to dat...

CVSS 7.8 | AI score 7.2 | EPSS 0.09063
Exploits 0 | References 4 | Affected Software 2

IBM Security Bulletins
added 2022/09/26 10:21 p.m. | 56 views

Security Bulletin: Unauthorized access exposure on IBM SAN Volume Controller and Storwize Family (CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965)

Abstract Administrative access to the system via the IP interface may be obtained without authentication. Content VULNERABILITY DETAILS: CVEID: CVE-2013-2251 CVE-2013-2248 CVE-2013-2135 CVE-2013-2134 CVE-2013-2115 CVE-2013-1966 CVE-2013-1965 DESCRIPTION: The vulnerabilities can be exploited by a...

CVSS 9.8 | AI score 9.2 | EPSS 0.99998
Exploits 33 | Affected Software 5

IBM Security Bulletins
added 2022/09/26 4:23 a.m. | 44 views

Security Bulletin: IBM Storwize V7000 Unified V1.4.2.1 Includes Fixes for IBM Storwize V7000 Security Vulnerabilities (CVE-2013-4310 CVE-2013-4316)

Abstract IBM Storwize V7000 Unified includes fixes for security vulnerabilities in IBM Storwize V7000. Administrative access to the IBM Storwize V7000 via the IP interface may be obtained without authentication. Content Please note that below vulnerabilities are applicable to IBM Storwize V7000...

CVSS 10 | AI score 8.1 | EPSS 0.08623
Exploits 2 | Affected Software 1

BDU FSTEC
added 2022/09/26 12:0 a.m. | 2 views

The vulnerability of the mechanism for checking tokens on the Apache Struts software platform allows a perpetrator to carry out a CSRF attack.

The vulnerability of the token verification mechanism in the Apache Struts software framework is related to insufficient validation of the authenticity of executed requests. Exploiting this vulnerability allows a malicious actor to carry out a CSRF attack remotely...

CVSS 8.3 | AI score 7.7 | EPSS 0.03451
Exploits 0 | References 7 | Affected Software 2

BDU FSTEC
added 2022/09/26 12:0 a.m. | 3 views

The vulnerability of the ParameterInterceptor component in the Apache Struts software framework allows a hacker to write any files into the system.

The vulnerability of the ParameterInterceptor component in the Apache Struts software framework is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to write arbitrary files into the system...

CVSS 7.2 | AI score 7.8 | EPSS 0.38261
Exploits 1 | References 6 | Affected Software 2

IBM Security Bulletins
added 2022/09/22 3:2 a.m. | 28 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2016-1181 and CVE-2016-1182)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life...

CVSS 8.2 | AI score 8.2 | EPSS 0.2593
Exploits 0 | Affected Software 14

BDU FSTEC
added 2022/09/21 12:0 a.m. | 2 views

The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.

The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software framework is related to improper code generation management. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...

CVSS 9.6 | AI score 8.2 | EPSS 0.13828
Exploits 0 | References 6 | Affected Software 5

BDU FSTEC
added 2022/09/21 12:0 a.m. | 2 views

The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform allows attackers to perform cross-site scripting attacks.

The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 6.4 | AI score 6.3 | EPSS 0.08027
Exploits 0 | References 9 | Affected Software 2

BDU FSTEC
added 2022/09/21 12:0 a.m. | 3 views

The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.

The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform is related to incorrect code generation during the processing of the includeParams attribute. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a...

CVSS 10 | AI score 8.2 | EPSS 0.71767
Exploits 6 | References 5 | Affected Software 2

BDU FSTEC
added 2022/09/21 12:0 a.m. | 2 views

The vulnerability of the implementation of the DefaultActionMapper mechanism in the Apache Struts software platform allows attackers to carry out phishing attacks.

The vulnerability of the DefaultActionMapper mechanism implemented by the Apache Struts software platform is related to insufficient validation of input data during the processing of parameters like redirect and redirectAction:prefix. Exploiting this vulnerability allows a malicious actor to carr...

CVSS 6.1 | AI score 7.7 | EPSS 0.95151
Exploits 4 | References 7 | Affected Software 6

IBM Security Bulletins
added 2022/09/15 7:19 p.m. | 20 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Enterprise Service Bus and WebSphere Lombardi Edition. Information about security vulnerabilities affecting IBM WebSphere Application Server Traditional have...

AI score 6.8
Exploits 0 | Affected Software 9

IBM Security Bulletins
added 2022/09/14 5:45 p.m. | 77 views

Security Bulletin: IBM Sterling Order Management Apache Struts upgrade strategy (various CVEs, see below)

Summary Apache Struts is used by IBM Sterling Order Management as part of its web application framework used for creating Java EE web applications. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 29. Vulnerability Details...

CVSS 10 | AI score 10 | EPSS 0.99998
Exploits 122 | Affected Software 1

IBM Security Bulletins
added 2022/09/14 5:37 p.m. | 69 views

Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)

Summary Apache Struts is used by IBM Call Center as part of its web application framework used for creating Java EE web applications. It is vulnerable to various CVEs, listed below. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 12...

CVSS 10 | AI score 10 | EPSS 0.99998
Exploits 122 | Affected Software 1

Openbugbounty
added 2022/08/31 1:9 p.m. | 15 views

catalog.ebrpl.com Cross Site Scripting vulnerability OBB-2880234

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0

IBM Security Bulletins
added 2022/08/30 4:40 p.m. | 31 views

Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2016-3093

Summary IBM TRIRIGA Application Platform discloses CVE-2016-3093 Vulnerability Details CVEID:CVE-2016-3093 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by the improper implementation of cache used to store method references by the OGNL expression language. An attacker...

CVSS 5.3 | AI score 5.4 | EPSS 0.10818
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2022/08/20 12:54 a.m. | 26 views

Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller and Storwize Family (CVE-2014-7809)

Summary An Open Source Apache Struts vulnerability was disclosed in August 2014. Struts is used by SAN Volume Controller and Storwize Family. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable...

CVSS 6.8 | AI score 6.7 | EPSS 0.03486
Exploits 0 | Affected Software 5

IBM Security Bulletins
added 2022/08/19 9:4 p.m. | 29 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server that is shipped with IBM Intelligent Operations Center and related products (CVE-2016-1181 and CVE-2016-1182)

Summary IBM WebSphere Application Server v7.0 is shipped as a component of IBM Intelligent Operations Center. Information about security vulnerabilities affecting IBM WebSphere Application Server have been identified and published in a security bulletin. Vulnerability Details Consult the security...

CVSS 8.2 | AI score 8.5 | EPSS 0.2593
Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2022/07/22 3:14 p.m. | 63 views

Security Bulletin: Multiple Security Vulnerabilities in Apache Struts Affect IBM Sterling File Gateway (CVE-2019-0233, CVE-2019-0230)

Summary IBM Sterling File Gateway has addressed multiple security vulnerabilities in Apache Struts Vulnerability Details CVEID:CVE-2019-0233 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a special...

CVSS 9.8 | AI score 9.4 | EPSS 0.97399
Exploits 15 | Affected Software 1