Addressing CVE-2018-11776 for CA Single Sign-On
Article ID: 112410
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
From the Red Hat CVE Database entry on CVE-2018-11776:
"Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from
possible Remote Code Execution when using results with no namespace
and in same time, its upper action(s) have no or wildcard
namespace. Same possibility when using url tag which doesn't have
value and action set and in same time, its upper action(s) have no
or wildcard namespace."
Is CA Single Sign-On product vulnerable to CVE-2018-11776?
"Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from
possible Remote Code Execution when using results with no namespace
and in same time, its upper action(s) have no or wildcard
namespace. Same possibility when using url tag which doesn't have
value and action set and in same time, its upper action(s) have no
or wildcard namespace."
Is CA Single Sign-On product vulnerable to CVE-2018-11776?
Environment
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP
Component:
Component:
Resolution
CA Single Sign-On is not vulnerable to CVE-2018-11776, as CA Single
Sign-On includes struts 1.x version
Sign-On includes struts 1.x version
Additional Information
Red Hat CVE database: https://access.redhat.com/security/cve/cve-2018-11776
Feedback
Yes
No
Powered by
