IBM Security Bulletin:Vulnerability in Apache Struts affects Storwize V7000 Unified (CVE-2017-5638)

A vulnerability in the Apache Struts component affects the Service Assistant GUI of Storwize V7000 Unified allowing arbitrary code execution. The Command Line Interface is unaffected.

CVE(s): CVE-2017-5638

Affected product(s) and affected version(s):

IBM Storwize V7000 Unified
The product is affected when running code releases 1.5.x and 1.6.0.0 to 1.6.2.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2gzmUgN
X-Force Database: http://ift.tt/2m6OQ0m

The post IBM Security Bulletin:Vulnerability in Apache Struts affects Storwize V7000 Unified (CVE-2017-5638) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2gzZx71