AnsweredAssumed Answered

Apache Struts Vulnerability

Question asked by Nick Vander Pluym on Mar 15, 2017
Latest reply on Mar 15, 2017 by Edward Davis

Is RSA SecureID authentication manager 8.X vulnerable to the new apache struts vuln? I see you had to patch struts back in 2014 with an advisory. What about the latest one? Does any of the SP resolve it? 8.2.5? or wait for SP6?

 

CVE number:  CVE-2017-5638

 

The vulnerability exists in Apache Struts versions 2.3.5 through 2.3.31 and 2.5 through 2.5.10

 

I dont see a new advisory for this

Outcomes