Apache Struts (CVE-2018-11776) and GhostScript.

Document ID : KB000112292
Last Modified Date : 28/08/2018
Issue:
We're sure MICS is not affected, but we require a vendor confirmation.
Checking to see if MICS is affected by the following:
Wells Fargo has declared an emergency for Apache Struts (CVE-2018-11776) and GhostScript.
The emergency is focused on the core of Apache Struts, affecting supported Struts versions through 2.3.34 and 2.5.1.6. Google Project Zero security researcher Tavis Ormandy published his findings on a Ghostscript vulnerability that could enable an attacker to conduct remote code execution on a victim target.
Open source reporting indicates North Korean hackers exploited a previous Ghostscript vulnerability (CVE-2017-8291) to steal cryptocurrency from South Korean users and exchanges.
Resolution:
CA MICS has no exposure to the Apache Struts vulnerability.