Addressing CVE-2018-11776 for CA Single Sign-On

Document ID : KB000112410
Last Modified Date : 29/08/2018
Introduction:
From the Red Hat CVE Database entry on CVE-2018-11776:

  "Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from
  possible Remote Code Execution when using results with no namespace
  and in same time, its upper action(s) have no or wildcard
  namespace. Same possibility when using url tag which doesn't have
  value and action set and in same time, its upper action(s) have no
  or wildcard namespace."
 
Question:
Is the CA Single Sign-On product vulnerable to CVE-2018-11776?
Answer:
CA Single Sign-On is not vulnerable to CVE-2018-11776. The product
includes Struts 1.x, whereas the CVE applies to Apache Struts
versions 2.3 to 2.3.34 and 2.5 to 2.5.16.

Additional Information:
Red Hat CVE database: https://access.redhat.com/security/cve/cve-2018-11776