Struts Vulnerability Notification
Struts Vulnerability Notification
A recent announcement by IBM communicated that a number of our clients may be vulnerable to a security flaw in SFG/B2Bi. This is due to the use of Apache Struts within the product. The main vulnerability seems to be within the HTTP Server adapters therefore, if you are using AS2 or other URLs you may be exposed.
The vulnerability is marked as high for Government/Business systems although there is no evidence of anything untoward within IBM/Sterling software that we are aware of at the moment.
The recommendation is to follow guidance from IBM support, register for B2B/SFG notifications or please contact us and we can have a look at your systems to determine a best course of action.
For those technically minded
Apache Struts is a widely used open-source, MVC framework for creating Java web applications. Apache Struts versions prior to 2.3.35 and 2.5.17 were originally a problem in 2018. These were addressed at the time and in B2Bi 6.0.3.2 at least, a recommended version of 2.5.18 is being used. Recommendations have changed though requiring it to be patched up to 2.5.22. The original vulnerability had the potential to execute arbitrary code on the system, it seems the new recommendation is more around a Denial of Service Attack but the older more serious risk is still showing as active up to 2.5.20
The original notification https://www.ibm.com/support/pages/node/6324787
24 Comments
gucci handbags usa online · March 16, 2023 at 5:04 pm
Therefore, in this GG Marmont bag series, you will also feel the retro style. In fact, it also carries the nostalgia of designer Alessandro Michele. At the same time, it also achieves the integration of art and fashion, and continuous innovative design. Give it the “blood” of a new era.
AlonzoGap · April 21, 2023 at 9:53 pm
uae virtual phone number
HaroldPhoky · April 26, 2023 at 5:59 pm
продаю
cheap air jordans · April 28, 2023 at 9:50 pm
The vamp of this pair of white cement aj5 adopts the softer lychee leather upper which is the same as aj3 white cement a few years ago, instead of the hard leather surface of aj4 white cement last year and aj5 white cement in the past. In my opinion, compared with aj3, aj5’s shoes are not so suitable for litchi skin. Aj5’s design is more dynamic than the simple leisure of the third generation, which is very difficult to understand. The designer of this replica is really stubborn. Personally, this time the use of leather, including the overall workmanship of aj5, can be regarded as a failure of this pair of beautiful shoes.
DavidTut · May 1, 2023 at 1:09 pm
https://car-rental-barcelona.com/car-rental-in-barcelona-with-a-car-seat/
QuentinVar · May 4, 2023 at 7:34 pm
Стамбул, Турция: прокат авто дешево
avenue17 · May 5, 2023 at 1:46 pm
In my opinion you are mistaken. I can prove it. Write to me in PM, we will talk.
creek gate io · May 6, 2023 at 12:11 am
After reading your article, it reminded me of some things about gate io that I studied before. The content is similar to yours, but your thinking is very special, which gave me a different idea. Thank you. But I still have some questions I want to ask you, I will always pay attention. Thanks.
gateio · May 8, 2023 at 1:06 am
Your article made me suddenly realize that I am writing a thesis on gate.io. After reading your article, I have a different way of thinking, thank you. However, I still have some doubts, can you help me? Thanks.
gucci bags and purses · May 9, 2023 at 10:42 am
The double GLOGO pattern weave of the genuine Gucci is very neat, and the pattern of the two capital letters G can be clearly seen. The fake Gucci double GLOGO pattern does not look like a clear capital letter G, but like C; and the genuine double G is separate and will not be connected together.
Shanetof · May 11, 2023 at 9:28 am
Kukhareva
Vytvorit úcet na binance · May 16, 2023 at 10:48 pm
Thanks for sharing. I read many of your blog posts, cool, your blog is very good. https://accounts.binance.com/cs/register?ref=UM6SMJM3
criptomoedas · May 18, 2023 at 1:10 pm
Não acho que o título do seu artigo corresponda ao conteúdo lol. Brincadeira, principalmente porque fiquei com algumas dúvidas depois de ler o artigo.
gateio alım satım nasıl yapılır · May 20, 2023 at 10:51 pm
I am a website designer. Recently, I am designing a website template about gate.io. The boss’s requirements are very strange, which makes me very difficult. I have consulted many websites, and later I discovered your blog, which is the style I hope to need. thank you very much. Would you allow me to use your blog style as a reference? thank you!
win daddy · May 22, 2023 at 9:18 pm
What nice message
Create Account · May 22, 2023 at 9:25 pm
The point of view of your article has taught me a lot, and I already know how to improve the paper on gate.oi, thank you. https://www.gate.io/id/signup/XwNAU
gateio · May 25, 2023 at 10:39 pm
I may need your help. I’ve been doing research on gate io recently, and I’ve tried a lot of different things. Later, I read your article, and I think your way of writing has given me some innovative ideas, thank you very much.
binance register · May 27, 2023 at 11:35 am
Your point of view caught my eye and was very interesting. Thanks. I have a question for you. https://accounts.binance.com/en/register?ref=P9L9FQKY
BrentTreva · May 31, 2023 at 9:34 pm
https://pq.hosting/vps-vds-united-kingdom-england-london-great-britain
lv bags outlet · June 3, 2023 at 3:58 am
And on Xiaohongshu, there are also user feedbacks that Neverfull handbags bought for thousands of dollars in 2016 have almost doubled now鈥斺€擫ouis Vuitton Outlet official website shows that the current official price of Neverfull medium-sized handbags is 14,400 yuan.
габбро диабаз · June 6, 2023 at 2:35 am
Я рад, что наткнулся на эту статью. Она содержит уникальные идеи и интересные точки зрения, которые позволяют глубже понять рассматриваемую тему. Очень познавательно и вдохновляюще!
габбро диабаз · June 6, 2023 at 2:37 am
Я чувствую, что эта статья является настоящим источником вдохновения. Она предлагает новые идеи и вызывает желание узнать больше. Большое спасибо автору за его творческий и информативный подход!
аудиокнига скачать · June 8, 2023 at 11:36 pm
Я просто не могу пройти мимо этой статьи без оставления положительного комментария. Она является настоящим примером качественной журналистики и глубокого исследования. Очень впечатляюще!
-Реклама на торговых площадках Китая · June 10, 2023 at 2:20 am
Я просто восхищен этой статьей! Автор предоставил глубокий анализ темы и подкрепил его примерами и исследованиями. Это помогло мне лучше понять предмет и расширить свои знания. Браво!