CVE-2017-5638 Struts Vulnerability for CA Spectrum 10.x

Document ID : KB000015850
Last Modified Date : 14/02/2018
Question:

Is CA Spectrum affected by Struts 2 Vulnerability CVE-2017-5638?

 

 
Answer:

CA Spectrum 10.2.1 ships with Struts 2.3.32, which is not vulnerable to this CVE.

However, previous versions are vulnerable.

There is no workaround for the release of Struts that CA ships with versions prior to 10.2.1.

CA strongly recommends that customers upgrade to 10.2.1 to obtain the fix for this vulnerability.

 

The vulnerability has been classified as a high threat / Critical.

Please see the CVE details in Apache's documentation:

 

https://cwiki.apache.org/confluence/display/WW/S2-045

 

And NVD Details:

 

https://nvd.nist.gov/vuln/detail/CVE-2017-5638
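
To confirm which Struts release an installation actually carries, the following added example (not CA's or Apache's code) scans a directory tree for `struts2-core` jars and flags versions inside the ranges the S2-045 bulletin lists as affected (2.3.5 to 2.3.31 and 2.5 to 2.5.10). The install root is an assumption passed as an argument, and the function names are hypothetical.

```python
import os
import re
import sys

# Affected ranges per the Apache S2-045 bulletin (inclusive bounds).
AFFECTED = [((2, 3, 5), (2, 3, 31)), ((2, 5), (2, 5, 10))]
# Matches the standard Maven artifact name, e.g. struts2-core-2.3.32.jar
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)\.jar$")


def jar_version(filename):
    """Return the version tuple encoded in a struts2-core jar name, or None."""
    m = JAR_RE.match(filename)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version):
    """True when the version lies inside a range listed as affected by S2-045."""
    return any(low <= version <= high for low, high in AFFECTED)


def scan(root):
    """Walk root and return (path, version, affected) for each struts2-core jar."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            version = jar_version(name)
            if version is not None:
                path = os.path.join(dirpath, name)
                findings.append((path, version, is_affected(version)))
    return findings


if __name__ == "__main__":
    # Usage: python check_struts.py <install root>  (the root path is site-specific)
    results = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, version, affected in results:
        status = "AFFECTED by CVE-2017-5638" if affected else "not in affected range"
        print(f"{path}: Struts {'.'.join(map(str, version))} -> {status}")
    # Non-zero exit when any affected jar is found, for use in scripted audits.
    sys.exit(1 if any(a for _, _, a in results) else 0)
```

The check relies on the jar file name, so renamed jars and jars still packed inside an unexpanded WAR archive are not detected.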

 

Additional Information:

CAPM and CAPC are also not affected by this vulnerability:

 

https://support.ca.com/us/knowledge-base-articles.TEC1993486.html