IBM Security Bulletin: ClassLoader manipulation with Apache Struts affecting Lotus Expeditor (CVE-2014-0114)
There is a ClassLoader manipulation vulnerability in Apache Struts that is used by Lotus Expeditor.
Default Lotus Expeditor installation ( without any additional add-on ) is not affected by the vulnerability.
Below Lotus Expeditor releases are affected by the vulnerability only If add-on Runtime Components are installed on top of the default Lotus Expeditor installation.
Lotus Expeditor 6.1.x
Lotus Expeditor 6.2.x
Steps to confirm if your Lotus Expeditor installation is vulnerable:
The vulnerability is applicable only If below mentioned features are installed/available in your Lotus Expeditor client.