An issue has been identified in IBM OpenPages GRC Platform 184.108.40.206 for which an interim fix is now available. It is strongly recommended this fix be installed as soon as possible.
This interim fix addresses the Apache Struts 1.x security vulnerability CVE-2014-0114 in IBM OpenPages GRC Platform 220.127.116.11 (i.e. 6.2.1 Fix Pack 1). The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.
It is strongly recommended this fix be applied to all of your OpenPages GRC Platform 18.104.22.168 environments as soon as possible.
This interim fix requires that IBM OpenPages GRC Platform 6.2.1 Fix Pack 1 is already installed.
1. Download the appropriate release for your server architecture.
2. Copy the downloaded patch to the application server.
3. Extract patch.
4. Follow the installation instructions in the 22.214.171.124.1_OP_Patch_Readme.pdf located in the extracted patch directory.
|Download||RELEASE DATE||LANGUAGE||SIZE(Bytes)||Download Options
What is Fix Central (FC)?
|OpenPages GRC 126.96.36.199 IF1 for WebSphere||30 May 2014||Language Independent||20000||FC|
|OpenPages GRC 188.8.131.52 IF1 for WebLogic||30 May 2014||Language Independent||20000||FC|