Is CA Process Automation affected by CVE-2018-11776

Document ID : KB000112348
Last Modified Date : 28/08/2018
Show Technical Document Details
Question:
Does CA Process Automation use Apache Struts2 and is it affected by the vulnerability outlined in CVE-2018-117766?
Answer:
Short answer - no.

CA Process Automation 4.3 SP02 and previous releases use Apache Struts version 1.27, and is therefore not impacted by this vulnerability.
CA Process Automation 4.3 SP03 has replaced Apache Struts with Spring framework, and is not impacted by this vulnerability, or any vulnerability associated with Apache Struts.