Information regarding CA Identity Manager and vulnerability CVE-2017-5638

Document ID : KB000015988
Last Modified Date : 28/02/2019
Show Technical Document Details

Is CA Identity Manager impacted by vulnerability CVE-2017-5638?


Identity Manager 12.0, 12.5, 12.6, 14.0 and 14.1 use and older Apache Struts version 1.2.9 which is not vulnerable to the CVE-2017-5638 exploit.

Identity Manager 14.2 has upgraded the Struts version to Apache Struts which is also not vulnerable to the CVE-2017-5638 exploit.

You can find details on this in the documentation here:

    Upgraded to Apache Struts to overcome security vulnerabilities.

    CA Identity Manager release 14.2 uses Apache Struts for Management Console. With Apache Struts support, the given changes are applicable:

        Management Console Access URL: The URL to access Management Console programmatically has changed. The syntax of the new URL is as follows: