https://issues.apache.org/jira/browse/COLLECTIONS-580 (English)
■For customers using intra-mart WebPlatform/AppFramework
This vulnerability might affect the customers using either Enterprise version or Debug Server version in the standard intra-mart WebPlatform/AppFramework Ver7.0, Ver7.1, and Ver7.2.
Although we haven’t received the information that our products were affected by this vulnerability so far, we provide an emergency patch at our patch download site, in consideration of the content of the vulnerability.
http://newsupport.intra-mart.jp/patch/download/patch_info.php?patch_cd=1310 (Japanese)
For detailed contents, refer to readme.txt in the archive file attached to the patch download site.
■Customers using intra-mart Accel Platform
Customers using the standard intra-mart Accel Platform Ver8.0.3 or later and either
・SAStruts Portal module or
・intra-mart Accel Archiver
may be affected by this vulnerability.
Although we haven’t received the information that our products were affected by this vulnerability so far, we will release a patch on November 30, 2015, in consideration of the content of the vulnerability.
Until the release, this vulnerability can be prevented by overwriting commons-collections-3.2.1.jar file attached to this FAQ with %CONTEXT_PATH%/WEB-INF/lib/commons-collections-3.2.1.jar.
The patch was released on November 30, 2015.
https://issue.intra-mart.jp/issues/21869
-- Target ------------------------------------------------------------------------
iWP/Web System Construction Platform/WebPlatform/AppFramework
iAP/Accel Platform/All Updates
--------------------------------------------------------------------------------
FAQID:724