Apache Commons BeanUtils with Struts 1 does not suppress the class property, which allows remote attackers to “manipulate” the ClassLoader and execute arbitrary code via the class parameter.
CVE(s): CVE-2014-0114
Affected product(s) and affected version(s):
IBM Sterling B2B Integrator 5.2 – 5.2.6
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22015894
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/92889
The post IBM Security Bulletin: Vulnerability in Apache Commons BeanUtils Affects IBM Sterling B2B Integrator (CVE-2014-0114) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2rfGfIm
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.