search cancel

Is CA Process Automation affected by CVE-2018-11776

book

Article ID: 112348

calendar_today

Updated On:

Products

CA Process Automation Base

Issue/Introduction



Does CA Process Automation use Apache Struts2 and is it affected by the vulnerability outlined in CVE-2018-117766?

Environment

Release: ITPASA99000-4.3-Process Automation-Add On License for-CA Server Automation
Component:

Resolution

Short answer - no.

CA Process Automation 4.3 SP02 and previous releases use Apache Struts version 1.27, and is therefore not impacted by this vulnerability.
CA Process Automation 4.3 SP03 has replaced Apache Struts with Spring framework, and is not impacted by this vulnerability, or any vulnerability associated with Apache Struts.