Dell moves on Apache Struts 2 vulnerability

3 months ago AndyC

Dell has begun working to patch a late-2023 critical vulnerability in Apache Struts 2, which has been inherited by a number of its Avamar and Integrated Data Protection Appliance (IDPA) products.

Dell moves on Apache Struts 2 vulnerability

Dell has begun working to patch a late-2023 critical vulnerability in Apache Struts 2, which has been inherited by a number of its Avamar and Integrated Data Protection Appliance (IDPA) products.




Dell moves on Apache Struts 2 vulnerability










Avamar is a suite of data protection software that supports physical, virtual, and cloud environments.

In December, the Apache Foundation disclosed CVE-2023-50164, advising all users to upgrade to Struts 2.5.33 or Struts 6.3.0.2 or greater. Within days, proof-of-concept code was published.

“An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file,” Apache’s advisory stated.

That sent a number of vendors on a hunt for whether their products had inherited the bug.

Dell has joined peers such as Cisco in advising of its vulnerability to CVE-2023-50164.

So far, fixes are available for various Avamar products in the version 19.10 branch; Avamar Virtual Edition for VMware ESXi and vSphere; and IDPA PowerProtect DP Series version 2.7.4 and older.

Other Avamar versions are awaiting a fix, expected in April.



About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Too much of a good thing? How security sprawl can weaken defences

Too much of a good thing? How security sprawl can weaken defences

1 day ago AndyC
Kinsing malware exploits Apache Tomcat on Linux clouds

Kinsing malware exploits Apache Tomcat on Linux clouds

1 day ago AndyC
LogicMonitor launches LM Cost Optimisation tool for businesses

LogicMonitor launches LM Cost Optimisation tool for businesses

1 day ago AndyC
Organisations battle AI risks amid rise in supply chain attacks

Organisations battle AI risks amid rise in supply chain attacks

1 day ago AndyC
AUCloud Ramps Expands its Senior Leadership Team

AUCloud Ramps Expands its Senior Leadership Team

2 days ago AndyC
Cyberattacks exploiting trusted ties spanned over a month in 2023

Cyberattacks exploiting trusted ties spanned over a month in 2023

2 days ago AndyC

You may have missed

The who, where, and how of APT attacks – Week in security with Tony Anscombe

The who, where, and how of APT attacks – Week in security with Tony Anscombe

4 hours ago AndyC
Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

Turla APT used two new backdoors to infiltrate a European ministry of foreign affairs

13 hours ago AndyC

Friday Squid Blogging: Emotional Support Squid

13 hours ago AndyC

How to Protect Yourself on Social Networks

19 hours ago AndyC
Nissan reveals ransomware attack exposed 53,000 workers' social security numbers

Nissan reveals ransomware attack exposed 53,000 workers’ social security numbers

19 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.