Apache Struts 2 vulnerability CVE-2017-5638 and SSO Agent for Sharepoint

Document ID : KB000013755
Last Modified Date : 14/02/2018
Show Technical Document Details

A vulnerability for Apache Struts 2 was reported under CVE-2017-5638


The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.



Is SSO Agent for SharePoint impacted by the Struts 2 vulnerability reported under CVE-2017-5638?

R12.52 SP1 all CRs

SSO SSO Agent for Sharepoint is not impacted by the Struts 2 vulnerability reported under CVE-2017-5638. 

Please use the following documentation links as a reference. 


R12.52 Sp1 CRx


Struts 1.2.9 is used.