IBM Security Bulletin: IBM Connections Mobile Server Security Refresh for Apache Struts (CVE-2016-0785, CVE-2016-2162, CVE-2016-3093, CVE-2016-4003)

This bulletin relates to security vulnerabilities that have been reported against Apache Struts through May 2016. The IBM Connections Mobile server uses a version of Struts that is vulnerable to these issues. Customers who use the IBM Connections mobile web client should apply this security refresh.

CVE(s): CVE-2016-0785, CVE-2016-2162, CVE-2016-3093, CVE-2016-4003

Affected product(s) and affected version(s):

The following versions of IBM Connections are impacted:

IBM Connections 5.5
IBM Connections 5.0
IBM Connections 4.5
IBM Connections 4.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21984206
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111513
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111515
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113686
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/111514

from IBM Product Security Incident Response Team https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-connections-mobile-server-security-refresh-for-apache-struts-cve-2016-0785-cve-2016-0785-cve-2016-3093-cve-2016-4003/