IBM Security Bulletin: An Apache Struts security vulnerability affects the Tivoli Integrated Portal component of the Tivoli Storage Manager Administration Center (CVE-2014-0114)
IBM PSIRT 270004PFE3 firstname.lastname@example.org | | Tags:  psirthigh psirttivoli
0 Comments | 702 Visits
The IBM Tivoli Storage Manager Administration Center is shipped with IBM Tivoli Integrated Portal and IBM embedded WebSphere (eWAS) as components. There is a ClassLoader manipulation vulnerability in the Apache Struts levels that are used by Tivoli Integrated Portal and eWAS (CVE-2014-0114). A critical patch update was released for Tivoli Integrated Portal. The update contains a fix that applies to the Administration Center.
IBM Tivoli Storage Manager Administration Center and Tivoli Central Reporting for Tivoli Storage Manager Versions 6.1, 6.2, and 6.3