Apache Struts security issues ‐ time to patch your IBM Connections install

by Stuart McIntyre 10 years ago

written by Stuart McIntyre 10 years ago 0 comment

I’ve just come across an IBM technote from May 2014 that has been updated over the last few days, listing details of a number of vulnerabilities in Apache Struts:

You Might Be Interested In

[titled_box title=”Vulnerability Details”]Several security vulnerabilities have been reported against Apache Struts through April 2014. IBM Connections uses Struts. A version of the package that is vulnerable to these issues is used in several past versions of IBM Connections. To fix these vulnerabilities apply the fixes as detailed in the Remediation section.

The following versions of IBM Connections are impacted:

IBM Connections 5.0
IBM Connections 4.5
IBM Connections 4.0
IBM Connections 3.0.1.1 and earlier releases[/titled_box]

There are fixes for all the above mentioned versions of Connections. Here are the two most recent:

IBM Connections 5.0	Apply APAR LO80688
IBM Connections 4.5	Upgrade to IBM Connections 4.5 CR4 and apply Interim Fix APAR LO81215

I would definitely recommend getting these security fixes on ASAP, particularly if your IBM Connections platform is public-facing…

Stuart McIntyre

Stuart McIntyre is an employee communications strategist, currently working for a large financial services organisation. He curates a number of product-focused news sites, is a lapsed podcaster, founded the Social Connections user group and regularly speaks at conferences and events. This blog represents his own slightly-eccentric and usually-controversial opinions!

Apache Struts security issues ‐ time to patch your IBM Connections install

You may also like

Subscribe

Are you sure want to unlock this post?

Are you sure want to cancel subscription?

Queue