Apache STRUTS (CVE-2018-11776) is an open-source web application framework for developing Java EE web applications. GhostScript is an “interpreter,” which is a program that converts programming languages into machine code that is understood by the computer, and executes the code. This feature is used in software suites to enable editing or viewing of documents, such as PDF or PostScript files.
Are CA PAM versions 188.8.131.52 and 3.2 vulnerable to Apache STRUTS (CVE-2018-11776) and the GhostScript vulnerability?
PAM 2.8 and 3.2
PAM does not use STRUTS and is thus not affected, and also PAM is not impacted by the ghostscript vulnerabilities. - confirmed by CA Vulnerabilities Response Team.