IBM Security Bulletin: Vulnerabilities in Apache Struts affect IBM WebSphere Portal (CVE-2015-0899, CVE-2016-1181, CVE-2016-1182)

Fixes are available for vulnerabilities in Apache Struts affecting IBM WebSphere Portal (CVE-2015-0899, CVE-2016-1181, CVE-2016-1182).

CVE(s): CVE-2016-1181, CVE-2016-1182, CVE-2015-0899

Affected product(s) and affected version(s):

IBM WebSphere Portal 8.5
IBM WebSphere Portal 8.0
IBM WebSphere Portal 7
IBM WebSphere Portal 6.1
For unsupported versions IBM recommends upgrading to a fixed, supported version of the product.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21988770
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113852
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/113853
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/101770



from IBM Product Security Incident Response Team https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-apache-struts-affect-ibm-websphere-portal-cve-2015-0899-cve-2016-1181-cve-2016-1182/