ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Apache Struts 2 vulnerability
Article ID: 15006
Updated On:
Products
DX Unified Infrastructure Management (Nimsoft / UIM)
NIMSOFT PROBES
Issue/Introduction
On July 7, 2017 a vulnerability was detected that affects Apache Struts versions 2.3.x. The following is more information on this vulnerability:
- Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
- National Vulnerability Database: CVE-2017-9791
Is UIM/UMP vulnerable to the Apache Struts 2 Remote Code Execution Vulnurability?
Environment
Release: CNMSPP99000-8.47-Unified Infrastructure Mgmt-Server Pack-- On Prem
Component:
Component:
Resolution
UMP uses Apache Struts version 1.2. As a result, this vulnerability can be safely ignored for UIM and UMP. This has been verified with development, where they confirmed through the struts-config.xml file located on the UMP server OS Nimsoft\probes\service\wasp\webapps\ROOT\WEB-INF. If you open this file in Notepad, it shows the Apache Struts version of 1.2.
Feedback
Yes
No
Powered by
