1986 matches found

Positive Technologies
added 2018/08/22 12:0 a.m., 6 views

PT-2018-1514

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.3 to 2.3.34 Apache Struts versions 2.5 to 2.5.16 Description The issue is related to errors in handling user-input data, which can allow a remote attacker to execute arbitrary code. This can occur when...

10 CVSS, 9.8 AI score, 0.99993 EPSS
Exploits 41, References 56

IBM Security Bulletins
added 2018/08/15 5:24 p.m., 33 views

Security Bulletin: Multiple Vulnerabilities found in products bundled with IBM Security Access Manager for Enterprise Single-Sign On

Summary IBM WebSphere Application Server is shipped as a component of IBM Security Access Manager for Enterprise Single-Sign On. Information about Security vulnerabilities affecting IBM WebSphere Application Server have been published in security bulletins. Vulnerability Details Consult the...

8.8 CVSS, 1.9 AI score, 0.20885 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/08/03 4:23 a.m., 35 views

Security Bulletin: ClassLoader manipulation with Apache Struts in Rational Application Developer affecting Rational Business Developer (CVE-2014-0114)

Summary The Struts tool of IBM Rational Application Developer is shipped as a component of Rational Business Developer. The Struts tool is affected by a classloader manipulation vulnerability in Apache Struts. Information about the security vulnerability affecting Rational Application Developer h...

7.5 CVSS, 1.4 AI score, 0.95821 EPSS
Exploits 4, Affected Software 1

IBM Security Bulletins
added 2018/08/03 4:23 a.m., 33 views

Security Bulletin: ClassLoader manipulation with Apache Struts in WebSphere Application Server affecting Rational Business Developer (CVE-2014-0114)

Summary WebSphere Application Server Test Environment WAS TE from IBM Rational Application Developer for WebSphere Software is shipped with Rational Business Developer. The WAS TE is affected by a classloader manipulation vulnerability in Apache Struts. Information about the security vulnerabilit...

7.5 CVSS, 2 AI score, 0.95821 EPSS
Exploits 4, Affected Software 1

IBM Security Bulletins
added 2018/07/30 6:2 p.m., 29 views

Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement (CVE-2015-0899)

Summary The IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement products are affected by a vulnerability that exists in the IBM WebSphere Application Server. The security bulletin includes issue...

7.5 CVSS, 7.5 AI score, 0.20885 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/07/23 6:8 a.m., 70 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2014-0114, CVE-2016-1181, CVE-2016-1182, CVE-2012-1007)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Tivoli Security Policy Manager TSPM. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...

2.5 AI score, 0.95821 EPSS
Exploits 5, Affected Software 1

IBM Security Bulletins
added 2018/07/20 2:15 p.m., 37 views

Security Bulletin: Classloader Manipulation Vulnerability in IBM WebSphere Application Server (CVE-2014-0114) Does Not Affect IBM Security Key Lifecycle Manager

Summary There is a classloader manipulation vulnerability in the Apache Struts 1 that is used by IBM WebSphere Application Server. IBM Security Key Lifecycle Manager is not affected by this vulnerability. Affected Products and Versions None Remediation/Fixes IBM WebSphere Application Server has...

1.3 AI score, 0.95821 EPSS
Exploits 4, Affected Software 1

IBM Security Bulletins
added 2018/07/18 10:28 a.m., 22 views

Security Bulletin: Security vulnerabilities have been identified in the WebSphere Application Server where the RAM is deployed.

Summary In the WebSphere Application Server where the Rational Asset Manager is deployed, a remote attacker could exploit the vulnerabilities such as spoofing attacks, execute arbitrary codes, exploit sensitive information and so on. Information about these security vulnerabilities affecting...

7.5 CVSS, 0.7 AI score, 0.20885 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/07/12 12:16 a.m., 59 views

Security Bulletin: Multiple vulnerabilities in Jackson-databind affect IBM InfoSphere Information Server

Summary Multiple vulnerabilities in Jackson-databind were addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2018-5968 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by deserialization flaws. By...

9.8 CVSS, 2 AI score, 0.49952 EPSS
Exploits 7, Affected Software 1

IBM Security Bulletins
added 2018/07/10 10:9 p.m., 33 views

Security Bulletin: Multiple vulnerabilities has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2014-0114, CVE-2016-1181, CVE-2016-1182, CVE-2012-1007)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin Vulnerability Details Please consult the security bulletin Security Bulletin:...

3 AI score, 0.95821 EPSS
Exploits 5, Affected Software 1

IBM Security Bulletins
added 2018/07/10 8:34 a.m., 22 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server that is shipped with IBM Rational ClearCase (CVE-2016-1181, CVE-2016-1182)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Rational ClearCase. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

8.2 CVSS, 1.6 AI score, 0.2593 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/07/05 2:14 p.m., 22 views

Security Bulletin: Vulnerabilities identified in IBM WebSphere Application Server and WebSphere Application Server UDDI shipped with IBM WebSphere Service Registry and Repository (CVE-2012-5783, CVE-2015-0899, CVE-2018-1614 and CVE-2018-1621)

Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Service Registry and Repository. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server UDDI have been published in security bulletins. Vulnerability...

7.5 CVSS, 0.5 AI score, 0.20885 EPSS
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/26 7:41 p.m., 20 views

Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI bundled with IBM WebSphere Application Server Patterns (CVE-2015-0899)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin:...

3.1 AI score, 0.20885 EPSS
Exploits 0, Affected Software 1

GithubExploit
added 2018/06/26 10:21 a.m., 3 views

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

Exploit Demo for CVE-2017-5638 ...

10 CVSS, 9.7 AI score, 0.99999 EPSS
Exploits 44

IBM Security Bulletins
added 2018/06/24 2:7 a.m., 48 views

Security Bulletin: Open Source Apache Struts Vulnerabilities affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation

Summary Open Source Apache Struts Vulnerabilities were addressed by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. Vulnerability Details CVE-ID: CVE-2017-12611 Description: Apache Struts could allow a...

9.8 CVSS, 0.5 AI score, 0.8802 EPSS
Exploits 6, Affected Software 1

IBM Security Bulletins
added 2018/06/23 2:54 a.m., 10 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server

Summary WebSphere Application Server is shipped with WebSphere Remote Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...

2.9 AI score
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2018/06/18 1:42 a.m., 27 views

Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Platform Application Center.

Summary Public disclosed vulnerability from Apache Struts affects IBM Platform Application Center. Vulnerability Details CVEID: CVE-2018-1327 DESCRIPTION: Apache Struts is vulnerable to a denial of service. By sending a specially crafted XML request using the XStream handler with the Struts REST...

7.5 CVSS, 7.4 AI score, 0.09224 EPSS
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2018/06/18 1:42 a.m., 23 views

Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer

Summary Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer. Vulnerability Details CVEID: CVE-2018-1327 DESCRIPTION: Apache Struts is vulnerable to a denial of service. By sending a specially crafted XML request using the XStream handler with the Struts REST plugin...

7.5 CVSS, 0.5 AI score, 0.09224 EPSS
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2018/06/18 1:38 a.m., 45 views

Security Bulletin: A vulnerability in Apache Struts 2 affects IBM Spectrum Conductor with Spark (CVE-2017-9787, CVE-2017-9804, and CVE-2017-12611)

Summary Several security vulnerabilities CVE-2017-9787 S2-049 CVE-2017-9804 S2-050 CVE-2017-12611 S2-053 have been reported against Apache Struts 2, which IBM Spectrum Conductor with Spark uses as a framework for its WEBGUI service. Struts 2.3.34 addresses these vulnerabilities and can be applied...

9.8 CVSS, 0.4 AI score, 0.8802 EPSS
Exploits 28, Affected Software 1

IBM Security Bulletins
added 2018/06/18 1:37 a.m., 64 views

Security Bulletin: Apache Struts Vulnerability CVE-2017-9791 will not affect PSS products

Summary The Struts 1 plugin in Apache Struts 2.3.x might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. Among all the PSS products LSF, PPM, RTM, PWS, only PWS 9.1 and 9.1.3 have Struts libs in the package. However, PWS will not use the libs...

9.8 CVSS, 0.5 AI score, 0.98931 EPSS
Exploits 19, Affected Software 1