IBM Security Bulletin: IBM Connections Security Refresh for Apache Struts CVE-IDs: CVE-2016-0785 CVE-2016-2162

This bulletin relates to security vulnerabilities that have been reported against Apache Struts version 2.3.24.1 and earlier. IBM Connections uses a version of Struts that is vulnerable to these issues.

CVE(s): CVE-2016-0785, CVE-2016-2162

Affected product(s) and affected version(s):

The following versions of IBM Connections are impacted:

IBM Connections 5.5
IBM Connections 5.0
IBM Connections 4.5
IBM Connections 4.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21985424
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111513
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111515



from IBM Product Security Incident Response Team https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-security-refresh-for-apache-struts-cve-ids-cve-2016-0785-cve-2016-2162/