Vulnerability Bulletins

IBM Security Bulletin: Multiple IBM InfoSphere Information Server components are vulnerable due to ClassLoader manipulation vulnerability in Open Source Apache Struts version 1 (CVE-2014-0114)


System information

Affected software | IBM

Description

Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. IBM Information Server and constituent products are impacted.

CVE(s): CVE-2014-0114

Affected product(s) and affected version(s): IBM InfoSphere Information Server
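An added detection example, not part of the bulletin and not IBM or Apache code: a Python heuristic that scans web access log lines for request parameter names whose property path passes through a `class` segment, the route by which the description says the ClassLoader is reached. The log lines, paths and parameter names are constructed, and the segment rule is an assumption about what to flag.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Separators used in bean-style property paths: dots, brackets, parentheses.
_SEGMENT_SPLIT = re.compile(r"[.\[\]()]+")
# Client address and request target from a common-log-format line.
_REQUEST = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) [^"]*"')

# Constructed sample lines (addresses, paths and parameters are made up).
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Jun/2014:10:00:00 +0000] "GET /app/search.do?classification=public HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Jun/2014:10:00:02 +0000] "GET /app/login.do?user=a&class.placeholder=1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Jun/2014:10:00:03 +0000] "GET /app/login.do?Class%2Eplaceholder=1 HTTP/1.1" 200 512',
]


def suspicious_params(query):
    """Return parameter names whose path navigates through a 'class' segment."""
    hits = []
    # parse_qsl percent-decodes names, so encoded separators are normalised.
    for name, _value in parse_qsl(query, keep_blank_values=True):
        segments = [s.strip("'\"").lower() for s in _SEGMENT_SPLIT.split(name) if s]
        # Assumed rule: 'class' followed by a further segment is a nested
        # access through getClass(); a plain field named 'class' is not flagged.
        if "class" in segments[:-1]:
            hits.append(name)
    return hits


def scan_access_log(lines):
    """Return (line_number, client, flagged_names) for each flagged request.

    Only query strings appear in access logs; POST bodies need a request
    filter or WAF rule applying the same check.
    """
    findings = []
    for number, line in enumerate(lines, start=1):
        match = _REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        names = suspicious_params(urlsplit(target).query)
        if names:
            findings.append((number, client, names))
    return findings


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```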

More info:

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_ibm_infosphere_information_server_components_are_vulnerable_due_to_classloader_manipulation_vulnerability_in_open_source_apache_struts_version_1_cve_2014_0114?lang=e

Standard identifiers

Property | Value
CVE | CVE-2014-0114, CVE-2014-0963, CVE-2014-0935, CVE-2014-0907 and CVE-2013-6747.

Version history

Version | Comment | Date
1.0 | Advisory issued | 2014-06-13
