Apache Struts (CVE-2018-11776) and GhostScript.
Article ID: 112292
Updated On:
Products
MICS Resource Management
Issue/Introduction
We're sure MICS is not affected, but we require a vendor confirmation.
Checking to see if MICS is affected by the following:
Wells Fargo has declared an emergency for the in Apache Struts (CVE-2018-11776) and GhostScript.
The emergency is focused on the core of Apache Struts, affecting supported Struts versions through 2.3.34 and 2.5.1.6. Google Project Zero security researcher Tavis Ormandy published his findings on a Ghostscript vulnerability that could enable an attacker to conduct remote code execution on a victim target.
Open source reporting indicates North Korean hackers exploited a previous Ghostscript vulnerability (CVE-2017-8291) to steal cryptocurrency from South Korean users and exchanges.
Checking to see if MICS is affected by the following:
Wells Fargo has declared an emergency for the in Apache Struts (CVE-2018-11776) and GhostScript.
The emergency is focused on the core of Apache Struts, affecting supported Struts versions through 2.3.34 and 2.5.1.6. Google Project Zero security researcher Tavis Ormandy published his findings on a Ghostscript vulnerability that could enable an attacker to conduct remote code execution on a victim target.
Open source reporting indicates North Korean hackers exploited a previous Ghostscript vulnerability (CVE-2017-8291) to steal cryptocurrency from South Korean users and exchanges.
Environment
Release:
Component: MICS
Component: MICS
Resolution
CA MICS has no exposure to the Apache Struts vulnerability.
Feedback
Yes
No
Powered by
