ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Is CA Process Automation affected by CVE-2018-11776

book

Article ID: 112348

calendar_today

Updated On:

Products

CA Process Automation Base

Issue/Introduction



Does CA Process Automation use Apache Struts2 and is it affected by the vulnerability outlined in CVE-2018-117766?

Environment

Release: ITPASA99000-4.3-Process Automation-Add On License for-CA Server Automation
Component:

Resolution

Short answer - no.

CA Process Automation 4.3 SP02 and previous releases use Apache Struts version 1.27, and is therefore not impacted by this vulnerability.
CA Process Automation 4.3 SP03 has replaced Apache Struts with Spring framework, and is not impacted by this vulnerability, or any vulnerability associated with Apache Struts.