Identity Manager 12.0, 12.5, 12.6, 14.0 and 14.1 use and older Apache Struts version 1.2.9 which is not vulnerable to the CVE-2017-5638 exploit.
Identity Manager 14.2 has upgraded the Struts version to Apache Struts 184.108.40.206 which is also not vulnerable to the CVE-2017-5638 exploit.
You can find details on this in the documentation here:
Upgraded to Apache Struts 220.127.116.11 to overcome security vulnerabilities.
CA Identity Manager release 14.2 uses Apache Struts 18.104.22.168 for Management Console. With Apache Struts 22.214.171.124 support, the given changes are applicable:
Management Console Access URL: The URL to access Management Console programmatically has changed. The syntax of the new URL is as follows: