ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Apache Struts (CVE-2018-11776) and GhostScript.


Article ID: 112292


Updated On:


MICS Resource Management


We're sure MICS is not affected, but we require a vendor confirmation.
Checking to see if MICS is affected by the following:
Wells Fargo has declared an emergency for the in Apache Struts (CVE-2018-11776) and GhostScript.
The emergency is focused on the core of Apache Struts, affecting supported Struts versions through 2.3.34 and Google Project Zero security researcher Tavis Ormandy published his findings on a Ghostscript vulnerability that could enable an attacker to conduct remote code execution on a victim target.
Open source reporting indicates North Korean hackers exploited a previous Ghostscript vulnerability (CVE-2017-8291) to steal cryptocurrency from South Korean users and exchanges.


Component: MICS


CA MICS has no exposure to the Apache Struts vulnerability.