Apache Struts2 REST Plug-in Vulnerability
The recent data breach announced by Equifax has raised concerns across enterprises and institutions about security vulnerabilities within widely used open source software. A vulnerability within an interface to the Apache Struts2 software has been identified as the cause for the unauthorized access to Equifax’s internal systems.
Updated December 5, 2017
The Apache Software Foundation has released security updates that address the vulnerabilities detected within Apache Struts versions 2.5 to 2.5.14. These vulnerabilities could be exploited to take control of an affected system.
Vulnerable Quantum Products
No Quantum products are affected by the Apache Strut vulnerability.
Unaffected Quantum Products
The following Quantum hardware or software products are not affected by the Apache Struts2 REST security vulnerability.
- StorNext software, including Storage Manager
- StorNext Network Attached Storage (NAS)
- StorNext Connect
- Lattus (C5, C10, S10, and S20 nodes)
- Scalar i3 and i6
- Scalar i40 and i80
- Scalar i500
- Scalar i6000 and i2000
- Scalar Key Manager
- Scalar LTFS
- StorNext storage appliances
- Pro Foundation
- G-series gateways
- Xcellis Workflow Directors and Extenders
- Stand-alone tape drives
- QSX hybrid disk
Apache Struts is an open source framework used to create enterprise-grade Java web applications. A vulnerability within the Representational State Transfer (REST) plug-in could allow an unauthorized user to execute arbitrary software code, which could cause the system to be compromised. The Apache Software Foundation has confirmed this vulnerability, and has released software updates that address this issue. Additional information about this vulnerability are found in the References section below.
Additional information about this vulnerability can be found here:
In US, call 800-284-5101. In Europe, call toll free +800-7826-8888 or direct +49 6131 324 185. You will need your system serial number. For additional contact information, go to http://www.quantum.com/serviceandsupport/get-help/index.aspx#contact-support