search cancel

Do Apache Struts (CVE-2018-11776) and GhostScript vulnerabilities affect PAM?


Article ID: 112322


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)


Apache STRUTS (CVE-2018-11776) is an open-source web application framework for developing Java EE web applications. GhostScript is an “interpreter,” which is a program that converts programming languages into machine code that is understood by the computer, and executes the code. This feature is used in software suites to enable editing or viewing of documents, such as PDF or PostScript files.

Are CA PAM versions and 3.2 vulnerable to Apache STRUTS (CVE-2018-11776) and the GhostScript vulnerability? 


PAM 2.8 and 3.2


PAM does not use STRUTS and is thus not affected, and also PAM is not impacted by the ghostscript vulnerabilities. - confirmed by CA Vulnerabilities Response Team.