This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
googol
Contributor
Contributor
‎2017-03-15 12:34 AM

Apache Struts Vulnerability

Jump to solution

Is RSA SecureID authentication manager 8.X vulnerable to the new apache struts vuln? I see you had to patch struts back in 2014 with an advisory. What about the latest one? Does any of the SP resolve it? 8.2.5? or wait for SP6?

 

CVE number:  CVE-2017-5638

 

The vulnerability exists in Apache Struts versions 2.3.5 through 2.3.31 and 2.5 through 2.5.10

 

I dont see a new advisory for this

0 Likes
Reply
1 Solution

Accepted Solutions
BrianTwomey
Employee
Employee
‎2017-03-15 08:17 AM

Jump to solution

HI Nick,

 

There's a KB that was recently published in regards to this: https://community.rsa.com/docs/DOC-73349

View solution in original post

0 Likes
Reply
2 Replies
BrianTwomey
Employee
Employee
‎2017-03-15 08:17 AM

Jump to solution

HI Nick,

 

There's a KB that was recently published in regards to this: https://community.rsa.com/docs/DOC-73349

0 Likes
Reply
EdwardDavis
Employee
Employee
‎2017-03-15 08:30 AM

Jump to solution

Quick answer.

No vulnerability for Auth Manager and no vulnerability for RSA agents. The KB has the details.

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.