Flashes (Alerts)
Abstract
IBM WebSphere Application Server is not vulnerable to the Apache Struts 2 vulnerability CVE-2017-5638
Content
IBM WebSphere Application Server in all editions and all platforms is NOT vulnerable to the Apache Struts 2 vulnerability (CVE-2017-5638). The IBM HTTP Server is also not affected.
NOTE: You should check your applications to determine if they are using the vulnerable Apache Struts APIs and update your Apache Struts 2 accordingly. Refer to https://cwiki.apache.org/confluence/display/WW/S2-045
[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"}],"Version":"9.0;8.5.5;8.5;8.0;7.0","Edition":"Advanced;Base;Developer;Enterprise;Liberty;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSCKBL","label":"WebSphere Application Server Hypervisor Edition"},"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}},{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSD28V","label":"WebSphere Application Server Liberty Core"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
25 September 2022
UID
swg22000122