Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM809B2E32467093C13C2C77723ED6C05F1443804289668173728594AF5CDD3FD2
HistoryJun 15, 2018 - 10:47 p.m.

Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2016-0785)

2018-06-1522:47:17
www.ibm.com
11

0.017 Low

EPSS

Percentile

87.9%

JSON

Summary

An Apache Struts vulnerability was addressed by IBM Social Media Analytics 1.3.0 IF18.

Vulnerability Details

CVEID: CVE-2016-0785

DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double OGNL evaluation of attribute values. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVSS Base Score: 7.3

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111513 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Social Media Analytics 1.3

Remediation/Fixes

The recommended solution is to apply the following interim fix:
IBM Social Media Analytics 1.3.0 IF18

For users of IBM Social Media Analytics 1.2 IBM recommends upgrading to IBM Social Media Analytics 1.3.

IBM recommends that you review your entire environment to identify vulnerable releases of the open-source Apache Struts and take appropriate mitigation and remediation actions.

Workarounds and Mitigations

None known. Apply Social Media Analytics 1.3.0 IF18 interim fix.

Related

prion 2
github 1
nvd 2
osv 2
ubuntucve 2
cve 2
openvas 1
nessus 3
cvelist 2
ibm 3
f5 2
wallarmlab 1
prion
prion
Design/Logic Flaw
2016-04-12 16:59:00
Design/Logic Flaw
2017-10-16 16:29:00
github
github
Apache Struts RCE Vulnerability
2022-05-14 00:52:12
nvd
nvd
CVE-2016-0785
2016-04-12 16:59:00
CVE-2016-4461
2017-10-16 16:29:00
osv
osv
Apache Struts RCE Vulnerability
2022-05-14 00:52:12
CVE-2016-4461
2017-10-16 16:29:00
ubuntucve
ubuntucve
CVE-2016-0785
2016-04-12 00:00:00
CVE-2016-4461
2017-10-16 00:00:00
cve
cve
CVE-2016-0785
2016-04-12 16:59:00
CVE-2016-4461
2017-10-16 16:29:00
openvas
openvas
Apache Struts Security Update (S2-029)
2016-06-07 00:00:00
nessus
nessus
Apache Struts 2 Tag Attribute Double OGNL Evaluation RCE
2016-03-24 00:00:00
Apache Struts 2.x < 2.3.28 Multiple Vulnerabilities (S2-028) (S2-029) (S2-030) (S2-034)
2016-03-24 00:00:00
Apache Struts 2.x < 2.3.29 Multiple Vulnerabilities (S2-035 - S2-040)
2016-06-24 00:00:00
cvelist
cvelist
CVE-2016-0785
2016-04-12 16:00:00
CVE-2016-4461
2017-10-16 16:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Apache Struts affect the IBM FlashSystem models 840 and 900 (CVE-2016-0785 CVE-2016-2162)
2023-02-18 01:45:50
Security Bulletin: Vulnerabilities in Apache Struts affect SAN Volume Controller and Storwize Family (CVE-2016-0785 CVE-2016-2162)
2023-03-29 01:48:02
Security Bulletin: Multiple Vulnerabilities in Struts affect IBM InfoSphere Information Server
2018-06-16 13:42:18
f5
f5
SOL17588029 - Apache Struts vulnerabilities CVE-2016-0785, CVE-2016-2162, CVE-2016-3081, CVE-2016-3082, and CVE-2016-4003
2016-04-25 00:00:00
K17588029 : Apache Struts vulnerabilities CVE-2016-0785, CVE-2016-2162, CVE-2016-3081, CVE-2016-3082, and CVE-2016-4003
2016-04-25 00:00:00
wallarmlab
wallarmlab
New Struts2 Remote Code Execution exploit caught in the wild
2017-03-09 00:15:54

0.017 Low

EPSS

Percentile

87.9%

JSON
Related for 809B2E32467093C13C2C77723ED6C05F1443804289668173728594AF5CDD3FD2
prion2github1nvd2osv2ubuntucve2cve2openvas1nessus3cvelist2ibm3f52wallarmlab1