An issue has been identified in IBM OpenPages GRC Platform 188.8.131.52 for which an interim fix is now available. It is strongly recommended this fix be installed as soon as possible.
This interim fix addresses the Apache Struts 1.x security vulnerability CVE-2014-0114 in IBM OpenPages GRC Platform 184.108.40.206 (i.e. 6.2.1 Fix Pack 1). The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.
It is strongly recommended this fix be applied to all of your OpenPages GRC Platform 220.127.116.11 environments as soon as possible.
This interim fix requires that IBM OpenPages GRC Platform 6.2.1 Fix Pack 1 is already installed.
1. Download the appropriate release for your server architecture.
2. Copy the downloaded patch to the application server.
3. Extract patch.
4. Follow the installation instructions in the 18.104.22.168.1_OP_Patch_Readme.pdf located in the extracted patch directory.
|Download||RELEASE DATE||LANGUAGE||SIZE(Bytes)||Download Options
What is Fix Central(FC)?
|OpenPages GRC 22.214.171.124 IF1 for WebSphere||30 May 2014||Language Independent||20000||FC|
|OpenPages GRC 126.96.36.199 IF1 for WebLogic||30 May 2014||Language Independent||20000||FC|