IBM Security Identity Manager made code changes to remove the deprecated function and its related Struts V1 code library.
CVEID: CVE-2016-1182
**DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by the failure to properly restrict the Validator configuration in ActionServlet.java. An attacker could exploit this vulnerability to modify validation rules and error messages.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/113853 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
ISIM | 6.0.2 |
ISIM | 6.0.0 |
Affected Product / Version | Fix availability |
---|---|
IBM Security Identity Manager 6.0.2 | 6.0.2-ISS-SIM-IF0003 |
IBM Security Identity Manager 6.0.0 | 6.0.0-ISS-SIM-FP0026 |
None
CPE | Name | Operator | Version |
---|---|---|---|
 | ibm security identity manager | eq | 6.0.2 |
 | ibm security identity manager | eq | 6.0.0 |