IBM Security Bulletin: Multiple IBM InfoSphere Information Server components are vulnerable due to ClassLoader manipulation vulnerability in Open Source Apache Struts version 1 (CVE-2014-0114)
Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the setting of Class Loader attributes. An attacker could exploit this vulnerability using the class parameter of an ActionForm object to manipulate the ClassLoader and execute arbitrary code on the system. IBM Information Server and constituent products are impacted.
IBM InfoSphere Information Server versions 8.0, 8.1, 8.5, 8.7, and 9.1,