IBM Security Identity Manager Virtual Appliance made code changes to remove the deprecated function and its associated Struts V1 code library.
CVEID: CVE-2016-1182
**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly restrict the Validator configuration in ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/113853 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
ISIM VA | 7.0.2 |
ISIM VA | 7.0.1 |
Affected Product(s) | Version(s) | Fix Availability |
---|---|---|
IBM Security Identity Manager Virtual Appliance | 7.0.2 | |
IBM Security Identity Manager Virtual Appliance | 7.0.1 | |
None
CPE | Name | Operator | Version |
---|---|---|---|
| | ibm security identity manager | eq | 7.0.2 |
| | ibm security identity manager | eq | 7.0.1 |