Apache Struts (CVE-2018-11776) and GhostScript.

Document ID : KB000112292
Last Modified Date : 28/08/2018
Show Technical Document Details
We're sure MICS is not affected, but we require a vendor confirmation.
Checking to see if MICS is affected by the following:
Wells Fargo has declared an emergency for the in Apache Struts (CVE-2018-11776) and GhostScript.
The emergency is focused on the core of Apache Struts, affecting supported Struts versions through 2.3.34 and Google Project Zero security researcher Tavis Ormandy published his findings on a Ghostscript vulnerability that could enable an attacker to conduct remote code execution on a victim target.
Open source reporting indicates North Korean hackers exploited a previous Ghostscript vulnerability (CVE-2017-8291) to steal cryptocurrency from South Korean users and exchanges.
CA MICS has no exposure to the Apache Struts vulnerability.