Lucene search
IBMEF22A73E167DAD8921F1B5310AD0D0D34493E613208B9FFE7D6DF59B309A1D62HistorySep 25, 2018 - 1:15 p.m.
Security Bulletin: Public disclosed vulnerability from Apache Struts affects IBM Spectrum LSF Explorer
2018-09-2513:15:02
www.ibm.com
53
0.975 High
EPSS
Percentile
100.0%
Summary
Public disclosed vulnerability (CVE-2018-11776) from Apache Struts affects IBM Spectrum LSF Explorer.
Vulnerability Details
CVEID: CVE-2018-11776
DESCRIPTION: Apache Struts namespace code execution
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148694> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
IBM Spectrum LSF Explorer 10.1
IBM Spectrum LSF Explorer 10.2
Remediation/Fixes
<Product
|
VRMF
|
APAR
|
Remediation/First Fix
—|—|—|—
IBM Spectrum LSF Explorer
|
10.1
|
None
|
See fix below
IBM Spectrum LSF Explorer
|
10.2
|
None
|
See fix below
IBM Spectrum LSF Explorer10.1 & 10.2
- Download Apache Struts 2.5.17 from following link, <https://cwiki.apache.org/confluence/display/WW/S2-057>
- Replace the downloaded files (struts2-core-2.5.17.jar, struts2-json-plugin-2.5.17.jar and struts2-spring-plugin-2.5.17.jar) into Explorer installed environment.
- How to find replace files location
- Navigate to Explorer installed directory
- run command ‘find . -name “struts.jar”’
Workarounds and Mitigations
None.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm spectrum lsf explorer | eq | any |
Related
packetstorm
packetstorm
Apache Struts 2.3 / 2.5 Remote Code Execution
2018-08-26 00:00:00
Apache Struts 2 Namespace Redirect OGNL Injection
2018-09-07 00:00:00
Apache Struts 2.3 / 2.5 Remote Code Execution
2018-08-25 00:00:00
zdt
zdt
Apache Struts 2 Namespace Redirect OGNL Injection Exploit
2018-09-08 00:00:00
threatpost
threatpost
Audit of GitHub SSH Keys Finds Many Still Vulnerable to Old Debian Bug
2015-06-03 07:37:04
Army Research Lab Releases Dshell Forensics Framework
2015-01-30 10:59:44
Slack Plugs Token Security Hole
2016-04-30 07:25:42
dsquare
dsquare
Apache Struts 2 Multiple Tags Result Namespace Handling RCE
2018-10-20 00:00:00
exploitpack
exploitpack
Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution (1)
2018-08-26 00:00:00
redhatcve
redhatcve
CVE-2018-11776
2018-08-22 08:49:33
ibm
ibm
nessus
nessus
metasploit
metasploit
Apache Struts 2 Namespace Redirect OGNL Injection
2018-08-31 18:48:22
talosblog
talosblog
Connecting the dots between recently active cryptominers
2018-12-18 08:33:00
openvas
openvas
Huawei Data Communication: Apache Struts2 S2-057 Remote Code Execution Vulnerability in Some Huawei Products (huawei-sa-20181121-01-struts2)
2020-06-05 00:00:00
Apache Struts Security Update (S2-057) - Version Check
2018-08-23 00:00:00
Apache Struts Security Update (S2-057) - Active Check
2018-08-27 00:00:00
kitploit
kitploit
Mitaka - A Browser Extension For OSINT Search
2019-09-21 12:00:00
Apache Struts v3 - Tool To Exploit 3 RCE Vulnerabilities On ApacheStruts
2018-08-26 21:14:00
Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts
2019-05-12 13:09:00
qualysblog
qualysblog
Security News: Hackers Aim Ransomware at Big Cos., as Experts Call for Swift Patching of Struts Bug
2018-08-27 18:32:33
Detecting Apache Struts 2 Namespace RCE: CVE-2018-11776
2018-08-23 20:27:19
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
cisco
cisco
nuclei
nuclei
Apache Struts2 S2-057 - Remote Code Execution
2021-02-24 04:29:30
osv
osv
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
2018-10-18 19:24:38
CVE-2018-11776
2018-08-22 13:29:00
veracode
veracode
Remote Code Execution (RCE)
2018-08-22 17:36:38
prion
prion
Remote code execution
2018-08-22 13:29:00
akamaiblog
akamaiblog
Web Application and API Protection -- From SQL Injection to Magecart
2020-09-09 13:00:00
checkpoint_advisories
checkpoint_advisories
Apache Struts Remote Code Execution (CVE-2018-11776)
2018-08-23 00:00:00
ubuntucve
ubuntucve
CVE-2018-11776
2018-08-22 00:00:00
github
github
Apache Struts vulnerable to remote command execution (RCE) due to improper input validation
2018-10-18 19:24:38
Bypassing OGNL sandboxes for fun and charities
2023-01-27 16:00:49
f5
f5
K60499474 : Apache Struts vulnerability CVE-2018-11776
2018-08-24 00:00:00
myhack58
myhack58
cvelist
cvelist
CVE-2018-11776
2018-08-22 00:00:00
krebs
krebs
Experts Urge Rapid Patching of ‘Struts’ Bug
2018-08-23 20:22:35
trendmicroblog
trendmicroblog
Server Security for the Modern IT Ecosystem
2019-01-03 15:30:46
attackerkb
attackerkb
cisa_kev
cisa_kev
Apache Struts Remote Code Execution Vulnerability
2021-11-03 00:00:00
nvd
nvd
CVE-2018-11776
2018-08-22 13:29:00
impervablog
impervablog
Read: Apache Struts Patches ‘Critical Vulnerability’ CVE-2018-11776
2018-08-23 14:25:36
cve
cve
CVE-2018-11776
2018-08-22 13:29:00
exploitdb
exploitdb
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)
2018-08-26 00:00:00
Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)
2018-09-10 00:00:00
githubexploit
githubexploit
Exploit for Injection in Atlassian Confluence
2021-10-06 23:24:24
Exploit for Injection in Atlassian Confluence
2021-10-06 23:24:24
Exploit for Injection in Atlassian Confluence
2021-10-06 23:24:24
thn
thn
Cisco Issues Security Patch Updates for 32 Flaws in its Products
2018-09-06 08:45:00
New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers
2018-08-22 14:04:00
rapid7blog
rapid7blog
Active Exploitation of Confluence CVE-2022-26134
2022-06-02 23:27:15
fireeye
fireeye
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00
0.975 High
EPSS
Percentile
100.0%
Related for EF22A73E167DAD8921F1B5310AD0D0D34493E613208B9FFE7D6DF59B309A1D62