Apache Struts has been updated to version 2.3.16.2 to address multiple security issues. A fix for a remote code execution vulnerability was found to be insufficient and could be bypassed. A new fix addressed a medium-risk exploit that could have allowed attackers to manipulate the internal state of sessions and requests. The fix also addressed a denial-of-service vulnerability tracked as CVE-2014-0050 that was originally patched in Struts 2.2.1. Another product called vCenter Orchestrator (vCOps) is affected only by the denial-of-service issue.