search cancel

Apache Struts (CVE-2018-11776) and GhostScript.

book

Article ID: 112292

calendar_today

Updated On:

Products

MICS Resource Management

Issue/Introduction

We're sure MICS is not affected, but we require a vendor confirmation.
Checking to see if MICS is affected by the following:
Wells Fargo has declared an emergency for the in Apache Struts (CVE-2018-11776) and GhostScript.
The emergency is focused on the core of Apache Struts, affecting supported Struts versions through 2.3.34 and 2.5.1.6. Google Project Zero security researcher Tavis Ormandy published his findings on a Ghostscript vulnerability that could enable an attacker to conduct remote code execution on a victim target.
Open source reporting indicates North Korean hackers exploited a previous Ghostscript vulnerability (CVE-2017-8291) to steal cryptocurrency from South Korean users and exchanges.

Environment

Release:
Component: MICS

Resolution

CA MICS has no exposure to the Apache Struts vulnerability.