
7 matches found

IBM Security Bulletins
added 2023/02/18 1:45 a.m. | 44 views

Security Bulletin: IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)

Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By sendi...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.03486
Exploits: 0 | Affected Software: 2
IBM Security Bulletins
added 2022/09/14 5:37 p.m. | 69 views

Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)

Summary Apache Struts is used by IBM Call Center as part of its web application framework used for creating Java EE web applications. It is vulnerable to various CVEs, listed below. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 12...

CVSS: 10 | AI score: 10 | EPSS: 0.99998
Exploits: 122 | Affected Software: 1
IBM Security Bulletins
added 2022/08/20 12:54 a.m. | 28 views

Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller and Storwize Family (CVE-2014-7809)

Summary An Open Source Apache Struts vulnerability was disclosed in August 2014. Struts is used by SAN Volume Controller and Storwize Family. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable...

CVSS: 6.8 | AI score: 6.7 | EPSS: 0.03486
Exploits: 0 | Affected Software: 5
IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 44 views

Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)

Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By...

CVSS: 6.8 | AI score: 0.2 | EPSS: 0.03486
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 35 views

Security Bulletin: The IBM FlashSystem V840 product model numbers AC0 and AC1 nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)

Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By...

CVSS: 6.8 | AI score: 0.6 | EPSS: 0.03486
Exploits: 0 | Affected Software: 1
CVE
added 2014/12/10 3:0 p.m. | 83 views

CVE-2014-7809

CVE-2014-7809 affects Apache Struts 2.0.0–2.3.x with predictable values, enabling remote CSRF bypass. Connected IBM advisories confirm impact on IBM FlashSystem 840/V840-AC0/AC1 nodes and IBM SAN Storwize, IBM Sterling Order Management, Call Center, and related products where Struts is used as p...

CVSS: 6.8 | AI score: 6.7 | EPSS: 0.03486
Exploits: 0 | References: 8 | Affected Software: 1
Tenable Nessus
added 2014/12/10 12:0 a.m. | 57 views

Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)

The remote web server is using a version of Struts 2 that is affected by multiple vulnerabilities: - A cross-site request forgery vulnerability exists due to the token generator failing to adequately randomize the token values. An attacker can exploit this issue by extracting a token from a form...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.08027
Exploits: 0 | References: 5