Addressing CVE 2018-11776 for Advanced Authentication product suite
Article ID: 113447
Updated On:
Products
CA Rapid App Security
CA Advanced Authentication
Issue/Introduction
Please confirm the impact of Apache Struts Namespace & URL Tag RCE Vulnerability (CVE-2018-11776) on CA Authminder/Riskminder/UDS/StateManager components.
Environment
Release:
Component: RSKFRT
Component: RSKFRT
Resolution
This vulnerability is only when we are using result or url tags. So,this vulnerability will not impact our product.
<%@ taglib prefix="html" uri="http://struts.apache.org/tags-html" %>
<%@ taglib prefix="tiles" uri="http://struts.apache.org/tags-tiles" %>
<%@ taglib prefix="html" uri="http://struts.apache.org/tags-html" %>
<%@ taglib prefix="tiles" uri="http://struts.apache.org/tags-tiles" %>
Feedback
Yes
No
Powered by
