The CVE-2017-5638 vulnerability report describes two Struts 2 framework classes which allow for the vulnerability (specifically the FileUploadInterceptor.java and LocalizedTextUtil.java classes).
APM currently makes use of the Struts 1.1, Struts 1.2.7 and Struts-menu2.3 frameworks, which do not make use the affected classes. The Struts-menu 2.3 library(though v2.3) is an independent library and the classes affected are not available in any Struts 1.x framework. Therefore APM is not affected by this vulnerability.