search cancel

Is Apache Struts in used by Endeovr

book

Article ID: 112321

calendar_today

Updated On:

Products

Endevor Software Change Manager (SCM) Endevor Software Change Manager - ECLIPSE Plugin (SCM)

Issue/Introduction

CVE-2018-11776 Detail: 

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when using results with no namespace and in same time, its upper action(s) have no or wildcard namespace. Same possibility when using url tag which doesn't have value and action set and in same time, its upper action(s) have no or wildcard namespace.

There is Apache Struts Vulnerability (CVE-2018-11776). Does Endevor (including Endevor Web Services) use struts?

Environment

Release: All supported versions 

Resolution

Endevor including Endevor Web Services does not use Apache Struts, therefore, Apache Struts Vulnerability does not apply to Endevor. 

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2018-11776