Is CA Process Automation affected by CVE-2018-11776
Article ID: 112348
CA Process Automation Base
Does CA Process Automation use Apache Struts2 and is it affected by the vulnerability outlined in CVE-2018-117766?
Release: ITPASA99000-4.3-Process Automation-Add On License for-CA Server Automation Component:
Short answer - no.
CA Process Automation 4.3 SP02 and previous releases use Apache Struts version 1.27, and is therefore not impacted by this vulnerability. CA Process Automation 4.3 SP03 has replaced Apache Struts with Spring framework, and is not impacted by this vulnerability, or any vulnerability associated with Apache Struts.