IBM Security Bulletin: Security vulnerabilities in Apache Struts might affect IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-1181, CVE-2016-1182, CVE-2015-0899)

Multiple security vulnerabilities have been reported for Apache Struts that is used by IBM Business Process Manager and WebSphere Lombardi Edition.

CVE(s): CVE-2016-1181, CVE-2016-1182, CVE-2015-0899

Affected product(s) and affected version(s):

• WebSphere Lombardi Edition V7.2.0.0 – V7.2.0.5
• IBM Business Process Manager Advanced V7.5.0.0 – V7.5.1.2
• IBM Business Process Manager Advanced V8.0.0.0 – V8.0.1.3
• IBM Business Process Manager Advanced V8.5.0.0 – V8.5.7.0 prior to cumulative fix 2016.09

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2d0eyNK
X-Force Database: http://ift.tt/2974C3a
X-Force Database: http://ift.tt/29tkNpV
X-Force Database: http://ift.tt/2dFDTdC

from IBM Product Security Incident Response Team http://ift.tt/2d0epde