ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Apache Struts (CVE-2018-11776) and GhostScript.
Article ID: 112292
MICS Resource Management
We're sure MICS is not affected, but we require a vendor confirmation. Checking to see if MICS is affected by the following: Wells Fargo has declared an emergency for the in Apache Struts (CVE-2018-11776) and GhostScript. The emergency is focused on the core of Apache Struts, affecting supported Struts versions through 2.3.34 and 18.104.22.168. Google Project Zero security researcher Tavis Ormandy published his findings on a Ghostscript vulnerability that could enable an attacker to conduct remote code execution on a victim target. Open source reporting indicates North Korean hackers exploited a previous Ghostscript vulnerability (CVE-2017-8291) to steal cryptocurrency from South Korean users and exchanges.
Release: Component: MICS
CA MICS has no exposure to the Apache Struts vulnerability.