Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)

Summary Apache Struts is used by IBM Call Center as part of its web application framework used for creating Java EE web applications. It is vulnerable to various CVEs, listed below. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 12...

CVE-2012-1006

CVE-2012-1006 refers to multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3. The flaws allow remote attackers to inject arbitrary web script or HTML via parameters in the Struts2 showcase applications: (1) name, (2) lastName to struts2-showcase/person/editPerson....