An issue has been identified in IBM OpenPages GRC Platform 6.2.1 Fix Pack 1 for which an interim fix is now available. It is strongly recommended that this fix be installed as soon as possible.
This interim fix addresses the Apache Struts 1.x security vulnerability CVE-2014-0114 in IBM OpenPages GRC Platform 6.2.1 Fix Pack 1. The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.
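To check whether requests carrying a `class` property path reached a server before the fix was installed, access logs can be scanned for such parameter names. The following is an added example, not code from IBM or from this page; the log format, hosts, paths and parameter names are constructed, and treating any `class` path segment (case-insensitive) as suspicious is an assumption that errs toward over-reporting.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request target inside a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|HEAD) (\S+) HTTP/[\d.]+"')
# Separators between bean property path segments: dots, brackets, quotes.
SEGMENT_SPLIT_RE = re.compile(r"""[.\[\]'"]+""")


def suspicious_param_names(query):
    """Return parameter names whose property path contains a 'class' segment."""
    hits = []
    # parse_qsl percent-decodes names, so class%2Ex is seen as class.x
    for name, _value in parse_qsl(query, keep_blank_values=True):
        segments = [s.lower() for s in SEGMENT_SPLIT_RE.split(name) if s]
        if "class" in segments:
            hits.append(name)
    return hits


def scan_access_log(lines):
    """Return (line_number, path, flagged_names) for each matching log line."""
    results = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        flagged = suspicious_param_names(target.query)
        if flagged:
            results.append((number, target.path, flagged))
    return results


# Constructed sample lines (hosts, paths and parameters are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2014:10:00:01 +0000] "GET /app/view.do?id=42&className=Risk HTTP/1.1" 200 512',
    '192.0.2.11 - - [30/May/2014:10:00:02 +0000] "GET /app/view.do?class.classLoader.PLACEHOLDER=x HTTP/1.1" 500 0',
    '192.0.2.11 - - [30/May/2014:10:00:03 +0000] "POST /app/save.do?item%5B%27class%27%5D.PLACEHOLDER=x HTTP/1.1" 500 0',
    '192.0.2.12 - - [30/May/2014:10:00:04 +0000] "GET /app/list.do?subclass=3 HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for number, path, names in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {path} -> {names}")
```

Access logs normally record only the query string, so parameters sent in a POST body are not visible to this check and need request-body logging or a proxy capture to review.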
It is strongly recommended that this fix be applied to all of your OpenPages GRC Platform 6.2.1 Fix Pack 1 environments as soon as possible.
This interim fix requires that IBM OpenPages GRC Platform 6.2.1 Fix Pack 1 is already installed.
1. Download the appropriate release for your server architecture.
2. Copy the downloaded patch to the application server.
3. Extract the patch.
4. Follow the installation instructions in the 220.127.116.11.1_OP_Patch_Readme.pdf located in the extracted patch directory.
| Download | Release date | Language | Size (bytes) | Download options (FC = Fix Central) |
|---|---|---|---|---|
| OpenPages GRC 6.2.1 Fix Pack 1 IF1 for WebSphere | 30 May 2014 | Language Independent | 20000 | FC |
| OpenPages GRC 6.2.1 Fix Pack 1 IF1 for WebLogic | 30 May 2014 | Language Independent | 20000 | FC |