The discovered issue allows a remote attacker to execute arbitrary code on the target system in the context of the current user. It can be exploited via a maliciously crafted .jmx file during the authentication process.

The new version 3.2.1 of JBoss-client has been released to fix the issue. Users are advised to update the software as soon as possible.

Another high-severity bug was discovered in Apache Struts. The issue is a cross-site request forgery (CSRF) vulnerability, which can be exploited by a remote attacker to perform malicious actions on behalf of a victim.

Apache Struts is an open source framework for building web applications that is used by many large companies and organizations. The new version 3.2.1 of Apache Struts has been released to address the issue. Users are advised to update the software as soon as possible.

Important Bug Updates

Many high-severity vulnerabilities were discovered in software. Companies are continually releasing updates to fix these issues.

About Apache Struts

The Struts framework is a free and open source Java web application framework, which allows developers to create completely customizable and maintainable web applications. It has a modular architecture for building dynamic web applications.
Apache Struts is used by organizations such as NASA, UBS, JPMorgan Chase, Toyota, and the U.S. Department of Defense.

Timeline

Published on: 03/11/2022 18:15:00 UTC
Last modified on: 03/18/2022 13:51:00 UTC
