search cancel

Addressing CVE 2018-11776 for Advanced Authentication product suite

book

Article ID: 113447

calendar_today

Updated On:

Products

CA Rapid App Security CA Advanced Authentication

Issue/Introduction



Please confirm the impact of Apache Struts Namespace & URL Tag RCE Vulnerability (CVE-2018-11776) on CA Authminder/Riskminder/UDS/StateManager components.

Environment

Release:
Component: RSKFRT

Resolution

This vulnerability is only when we are using result or url tags. So,this vulnerability will not impact our product.
<%@ taglib prefix="html" uri="http://struts.apache.org/tags-html" %>
<%@ taglib prefix="tiles" uri="http://struts.apache.org/tags-tiles" %>